tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bob Herrmann <...@jadn.com>
Subject Re: Form auth status not persisted between tomcat reloads
Date Tue, 10 Sep 2002 22:02:16 GMT

Humm.  To be 'logged in' is to have a 'principal'
StandardSession.java declares it's principal like this

     /**
     * The authenticated Principal associated with this session, if any.
     * <b>IMPLEMENTATION NOTE:</b>  This object is <i>not</i> saved
and
     * restored across session serializations!
     */
     private transient Principal principal = null;


I don't know of any effort to change this behavior in Tomcat.

Cheers
-bob

On Tue, 2002-09-10 at 17:54, Kristoffer Michael wrote:
> 
> If a user is logged in (by using FORM auth), and tomcat is restarted,
> the "logged in" status for the user is forgotten, even though the
> session and session attributes are remembered.
> Apparently the status is not stored in the session (but in a HttpRequest note)?
> 
> Is this a "feature", or is there going to be work on it in the future?
> 
> BTW, using SSO cookies doesn't seem to help (don't know if this is related).
> 
> -km
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
-- 
Cheers,
-bob


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message