In HSFJ , web-app security chp, pg 647, it says , "if you are using form authentication, be sure to turn on SSL or session tracking , or your container might not recognize the login form when it is returned."
"Secure Sockets Layer" (currently SSL 3.0) - an encryption system used when a request using the Secure HTTP (HTTPS) protocol is created. TLS 1.0 (or Transport Layer Security 1.0) supercedes SSL 3.0 although it is roughly identical.
By the way, a quick Google around would find you the answer (and a load of explanations) much faster than posting on this forum.
Charles Lyons (SCJP 1.4, April 2003; SCJP 5, Dec 2006; SCWCD 1.4b, April 2004)
Author of OCEJWCD Study Companion for Oracle Exam 1Z0-899 (ISBN 0955160340 / AmazonAmazon UK )
very EXTENSIVE explanations though .. much more than I asked for ! 
