I have a servlet which I want to require authorization to. So, I have a simple login form, just html, which posts to a sevlet called LoginHandler. Then, if a correct username and password are used, the LoginHandler redirects to the protected servlet.

This is working some of the time. When it does not work, by the time I get to the protected servlet the session values are null. I have been unable to produce the error on my own.

I noticed that JServ has a known bug with sessions/cookies. It is suggested that buffering the output fixes the problem.

Has anyone else had this problem? If so, how did you fix it?