tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Markus Zänglein" <m.zaengl...@gmx.de>
Subject Re: JDBC Realm - changing password
Date Tue, 03 Sep 2002 12:43:53 GMT
are you shure, that your session is really got invalidated ?

If you track sessions via cookies, make sure that your browser deletes the cookie on exit.
it might be, that the cookie lifetime is not set to "0"

cu

MZ

-----Ursprüngliche Nachricht-----
Von: Alex Kachanov <alex.kachanov@stellent.co.jp>
An: Tomcat Users List <tomcat-user@jakarta.apache.org>
Datum: Dienstag, 3. September 2002 11:44
Betreff: HA: JDBC Realm - changing password


It looks as it is not working.

I log into protected area as nnnn/mmmmm
Then logout.
Close all browser windows
Change the password to "qqqqqq"
Launch new browser 
Open the protected area
Still nnnn/mmmmm is valid combination but nnnn/qqqqqq is not.

Restart Tomcat
Launch new browser 
Open the protected area
nnnn/qqqqqq is now a valid login combination

Using Tomcat 4.0.4 English
Tried both MemoryRealm and JDBCRealm


-----Исходное сообщение----- 
От: David Cassidy [mailto:david@twocats.co.uk] 
Отправлено: Вт 03.09.2002 18:08 
Кому: Tomcat Users List 
Копия: 
Тема: Re: JDBC Realm - changing password



to quote ...

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html

    * Once a user has been authenticated, the user (and his or her
      associated roles) are cached within Tomcat for the duration of the
      user's login. (For FORM-based authentication, that means until the
      session times out or is invalidated; for BASIC authentication,
      that means until the user closes their browser). Any changes to
      the database information for an already authenticated user will
      *not* be reflected until the next time that user logs on again.

has this user 'logged out' / had their session invalidated ?

Very interrested as I want to use this myself and if things like pw
change don't work then ....

Let us know

D



Alex Kachanov wrote:

>OK, a user wants to change his password for the Tomcat protected folder.
>The protection is done using JDBCRealm (or MemoryRealm).
>The password is changed using a special servlet.
>
>OK, password is changed in the database, BUT,
>you have to restrat Tomcat or restart the context to make new password working!
>
>That's sad, unless I'm missing something.
>
>with best wishes
>Alexander Kachanov
>
>
>--
>To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
>For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
>
> 
>




--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>






--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message