Security accross popups and new browser windows

[mcirque]

I have a struts/spring/hibernate application that is using ACEGI for the security layer. Everything has been working without flaw. However, we have a requirement that we need to show reports in a new browser window. We are currently hoping to do this with javascript's window.open... When the new window opens we are forced to authenticate again and then the content shows correctly. I thought this might be a problem with a poorly encoded URL but even with the jsessionid content on there the new window still requires authentication. Suggestions/Ideas/Comments. Thanks

[Ben Alex]

Acegi Security works with HttpSessions, so do you get the same HttpSession identifier in requests made from your new popup window as your original application's window? I use popups extensively with Acegi Security (for search forms etc) and do not experience any problems.

[mcirque]

hmm...not sure what was going on the other day but it seems to be working fine now. I guess a reboot every now and then can solve problems.