I can't remember if I did or not, but there is a problem that I realized last night, but I'm just finally able to get to posting it. The session that is used is the one that is "created" for the original, protected asset request. A redirect is sent to the browser (with a cookie) telling them to go to the form page. This is the step where the container would have to be changed. Once the form is being "processed" within the right session, we would be all set, however, currently, there is no way to do it without setting a cookie. I think this might be possible... will check when I get back to my sample code.
-ds
[Message sent by forum member 'digitalseraphim']
http://forums.java.net/jive/thread.jspa?messageID=394948