tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Kachanov" <alex.kacha...@stellent.co.jp>
Subject RE: JDBC Realm - changing password
Date Wed, 04 Sep 2002 03:48:10 GMT
yes, I'm sure

I disabled cookies in my browser.
and I've used another browser (opera) to 
access the same page after the password has been changed.
It still uses the same old password.

New password is not used utill restart.




with best wishes
Alexander Kachanov

> -----Original Message-----
> From: Markus Zanglein [mailto:m.zaenglein@gmx.de]
> Sent: 3 сентября 2002 г. 21:44
> To: Tomcat Users List
> Subject: Re: JDBC Realm - changing password
> 
> 
> are you shure, that your session is really got invalidated ?
> 
> If you track sessions via cookies, make sure that your 
> browser deletes the cookie on exit.
> it might be, that the cookie lifetime is not set to "0"
> 
> cu
> 
> MZ
> 
> -----Ursprьngliche Nachricht-----
> Von: Alex Kachanov <alex.kachanov@stellent.co.jp>
> An: Tomcat Users List <tomcat-user@jakarta.apache.org>
> Datum: Dienstag, 3. September 2002 11:44
> Betreff: HA: JDBC Realm - changing password
> 
> 
> It looks as it is not working.
> 
> I log into protected area as nnnn/mmmmm
> Then logout.
> Close all browser windows
> Change the password to "qqqqqq"
> Launch new browser 
> Open the protected area
> Still nnnn/mmmmm is valid combination but nnnn/qqqqqq is not.
> 
> Restart Tomcat
> Launch new browser 
> Open the protected area
> nnnn/qqqqqq is now a valid login combination
> 
> Using Tomcat 4.0.4 English
> Tried both MemoryRealm and JDBCRealm
> 
> 
> -----Исходное сообщение----- 
> От: David Cassidy [mailto:david@twocats.co.uk] 
> Отправлено: Вт 03.09.2002 18:08 
> Кому: Tomcat Users List 
> Копия: 
> Тема: Re: JDBC Realm - changing password
> 
> 
> 
> to quote ...
> 
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html
> 
>     * Once a user has been authenticated, the user (and his or her
>       associated roles) are cached within Tomcat for the 
> duration of the
>       user's login. (For FORM-based authentication, that 
> means until the
>       session times out or is invalidated; for BASIC authentication,
>       that means until the user closes their browser). Any changes to
>       the database information for an already authenticated user will
>       *not* be reflected until the next time that user logs on again.
> 
> has this user 'logged out' / had their session invalidated ?
> 
> Very interrested as I want to use this myself and if things like pw
> change don't work then ....
> 
> Let us know
> 
> D
> 
> 
> 
> Alex Kachanov wrote:
> 
> >OK, a user wants to change his password for the Tomcat 
> protected folder.
> >The protection is done using JDBCRealm (or MemoryRealm).
> >The password is changed using a special servlet.
> >
> >OK, password is changed in the database, BUT,
> >you have to restrat Tomcat or restart the context to make 
> new password working!
> >
> >That's sad, unless I'm missing something.
> >
> >with best wishes
> >Alexander Kachanov
> >
> >
> >--
Mime
View raw message