tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Herrmann <>
Subject Re: Form auth status not persisted between tomcat reloads
Date Tue, 10 Sep 2002 22:02:16 GMT

Humm.  To be 'logged in' is to have a 'principal' declares it's principal like this

     * The authenticated Principal associated with this session, if any.
     * <b>IMPLEMENTATION NOTE:</b>  This object is <i>not</i> saved
     * restored across session serializations!
     private transient Principal principal = null;

I don't know of any effort to change this behavior in Tomcat.


On Tue, 2002-09-10 at 17:54, Kristoffer Michael wrote:
> If a user is logged in (by using FORM auth), and tomcat is restarted,
> the "logged in" status for the user is forgotten, even though the
> session and session attributes are remembered.
> Apparently the status is not stored in the session (but in a HttpRequest note)?
> Is this a "feature", or is there going to be work on it in the future?
> BTW, using SSO cookies doesn't seem to help (don't know if this is related).
> -km
> --
> To unsubscribe, e-mail:   <>
> For additional commands, e-mail: <>

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message