Keep having to login with container based authentaction.

Hi
I have written something using the j_security_check. Yet i keep having to login. My web.xml file looks like this:
<login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/loginFailed.jsp</form-error-page> </form-login-config> </login-config> <security-role> <role-name>admin</role-name> </security-role> <security-role> <role-name>user</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>users</web-resource-name> <url-pattern>/normal/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>user</role-name> <role-name>admin</role-name> </auth-constraint> </security-constraint> <security-constraint> <web-resource-collection> <web-resource-name>users</web-resource-name> <url-pattern>/restricted/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint>

I can get it to work if i only have a small number of jsps in the restricted in the directory.
Thanks in advance
Dean

Are your users defined in the tomcat.xml file ?

No in my database which it access as i can get logged in just when i come to do something once logged in i have to relogin.
Dean

Is your session tracking working ?

How do you mean i enabled session persistance on tomcat which uses a database and that works.
Dean

I mean is your browser passing the session ID between the requests ?

Yes it is.