Details
-
Feature Request
-
Resolution: Won't Do
-
Major
-
None
-
None
-
None
Description
When the auth-method DIGEST is specified in the login-config section of the web.xml of an application, requests to this application do not get a session cookie in return until there is an authenticated session. In a load balanced environment, this becomes problematic as the response to the DIGEST challenge risks being sent to another node than the one that sent the challenge, which leads to authentication failure.