tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Beth Kelly" <bethke...@bellsouth.net>
Subject Re: JDBC Realms
Date Mon, 06 Aug 2001 16:10:37 GMT

Kyle Wayne Kelly
(504)391-3985
http://www.cs.uno.edu/~kkelly
----- Original Message ----- 
From: "Michael Wentzel" <Michael.Wentzel@aswethink.com>
To: <tomcat-user@jakarta.apache.org>
Sent: Monday, August 06, 2001 6:13 AM
Subject: RE: JDBC Realms


> > You could store the password in the session.  When the user 
> > changes his or
> > her password, just update the session information.
> > 
> 
> Advantage: You don't lose existing session data
> Disadv   : You're not actually re-authenticating
                (not really authenticating, you lost me)
> 
> > >
> > > If you're using FORM based authentication I believe you could do
> > > a request passing with a username and new password passed in URL
> > > as j_username and j_password to j_security_check.  Haven't tried
> > > this myself but it's worth a try.
> 
> Advantage: You're actually re-authenticating
> Disadv   : You will lose existing session data and start with new session
> 
> It all depends on exactly what you're trying to accomplish and which 
> method best fits your needs.
> 
> 
> ---
> Michael Wentzel
> Software Developer
> Software As We Think - http://www.aswethink.com



Mime
View raw message