Please, let me known if I am wrong of not:

With form based authentication, I only have to protect a resourse, and then specify form based authentication. A web container must implement a form with a POST action with the distniguised pseudo URL j_security_check, wich takes username and password parameters with the defined names j_username and j_password.

The container will force the user to authenticate by submitting the login form.

Then, a HTTPSESSION will be created, and mantained with the JSESSION cookie. Is true that, afterthat, the form is no longer submitted since I already have the data onf the authenticated user on the JSESSION ? Could I access to the data (getUserName) of the user only trough that session ?

If so, since the data of the session is stored on the JSESSION cookie.. What happens If I get redirected to another WebLogic Server ? What happens if a open antoher applicatoon on that server (or a different one) that has his own session ?