tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <>
Subject Re: CoyoteRequest.recycle() and userPrincipal
Date Tue, 30 Sep 2003 16:07:20 GMT
Amy Roh wrote:
> The admin logs you out and asks you to reauthenticate yourself again after
> you do "commit".  It seems like after the admin gets redeployed, the same
> CoyoteRequestFacade loses its userPrincipal in the recycle() method.  What
> is the motivation for setting userPrincipal to null in recycle()?  I don't
> think it's acceptable to ask the user to keep logging on and reauthenticate
> his/herself everytime you commit.
> Comments?

Well, I think it is perfectly acceptable, sorry ;-)

BTW, there's no CoyoteRequestFacade.recycle, that's in CoyoteRequest, 
and it is obviously a field which needs to be recycled.

"Fixing" this will create a major security issue. Please refrain from 
fixing things you do not seem to understand well, or please only do so 
in Sun's repositories.


View raw message