"mars1412" wrote : why would you let the user login, before she even confirmed the e-mail address? Because the progress is the following: 1. Register yourself (now you have an account with username and password) 2. Get the confirmation email 3. click on the link in the mail 4. Login 5. Your email address is confirmed. anonymous wrote : in most system it works like that:* user registers | | * email is sent to given address | | * user clicks on the activation link (NO login required) | | * account is activated | | * from now on the user can login | This is not save! If you enter a wrong email address someone else gets your email, can log in, and sees your details. anonymous wrote : if that's what you want, I could show U some of our code No, that's not what I want. The problem is - like I posted - about how to propagate the req parameter to the over next step. Thank you anyway, Mark View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4127010#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...