Forum Discussion
Ronak_79648
Jan 05, 2009Nimbostratus
I think I am not explaining it right. The way code is suggested it will go in infinite re-direct loop as when client first request login page cookie is not there.
The way it needs to be is request for login page is always allowed. after successful authentication cookie is sent to client and all other request is allowed till cookie times out.