>
> "The programmatic login state does not necessarily persist in sessions
> or participate in single sign-on."
Because of the issue below, the login wasn't stored in the session
until a recent fix:
https://glassfish.dev.java.net/issues/show_bug.cgi?id=11340
Could that be causing your problem? (If so, I think you'd also see
that users aren't logged in after the initial request.)
Cheers,
Bobby