I found your article very useful, it works perfect. But I have a question regarding tomcat security.
The problem is, that I have both my web application called myproject and cocoon under webapps in my tomcat4. Each webapp has it's own WEB-INF directory and a web.xml file with security constraints in it.

BUT: I must login TWICE always for every webapp separately, wenn I call, say, my myproject servlet and cocoon from myproject.

Can I protect all my webapps at a time in one place so that I need to login only one time for all applications? Is it possible?

Thanks in advance,
Regards,
Viktor Skladov,
Germany