I found your article very useful, it works perfect. But I have a question regarding tomcat security.
The problem is, that I have both my web application called myproject and cocoon under webapps in my tomcat4. Each webapp has it's own WEB-INF directory and a web.xml file with security constraints in it.
BUT: I must login TWICE always for every webapp separately, wenn I call, say, my myproject servlet and cocoon from myproject.
Can I protect all my webapps at a time in one place so that I need to login only one time for all applications? Is it possible?
Thanks in advance,