tomcat-users mailing list archives

From André Warnier
Subject Re: How to serialize user principle
Date Mon, 13 Sep 2010 18:21:33 GMT
Caldarale, Charles R wrote:
>> From: Mohammad M. AbuZer
>> Subject: How to serialize user principle
>> Is there any way to force Tomcat to serialize the user
>> Principal so that when a Tomcat webapp gets reloaded or
>> even Tomcat is restarted, logged-in users won't be asked
>> to log in again...
> That normally happens automatically (as long as the session hasn't expired), so the real
> question is what did you change to disable the standard behavior?
> While you're at it, tell us the Tomcat version you're using, and the <Realm> you
> have configured for authentication.

I think that you also should be more clear about what you would really like to achieve.
As far as I know, the Tomcat (container-managed) authentication is based on the user
session, and the persistence of a session is linked to the JSESSIONID cookie which Tomcat
sends to the browser; and as far as I know this JSESSIONID cookie, by default, only lasts
for the duration of a web browser session.

So, independently of whether Tomcat saves and persists the sessions across a webapp reload
or a Tomcat restart, if the user closes and re-opens their browser, their session will be
lost, and so will their authentication.

If your goal is that users need to log in only once during any day, then you should look at
some Single-Sign-On mechanism, external to Tomcat.

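The cookie-lifetime point in the message above can be checked from a captured response header. The following is an added example, not part of the original message or of Tomcat: it classifies a Set-Cookie value as browser-session or persistent, applying the RFC 6265 rule that Max-Age takes precedence over Expires. The function name, sample headers and clock value are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def cookie_lifetime(set_cookie, now):
    """Classify one Set-Cookie header value.

    Returns ("session", None) when the cookie dies with the browser,
    ("persistent", seconds_left) or ("expired", 0) otherwise.
    """
    attrs = {}
    for part in set_cookie.split(";")[1:]:          # [0] is name=value
        name, _, value = part.strip().partition("=")
        attrs[name.lower()] = value.strip()

    seconds = None
    if "max-age" in attrs:                          # Max-Age wins over Expires (RFC 6265)
        try:
            seconds = int(attrs["max-age"])
        except ValueError:
            pass                                    # malformed attribute is ignored
    if seconds is None and "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:              # treat a naive date as UTC
                expires = expires.replace(tzinfo=timezone.utc)
            seconds = int((expires - now).total_seconds())
        except (TypeError, ValueError):
            pass                                    # unparseable date is ignored
    if seconds is None:
        return ("session", None)
    return ("persistent", seconds) if seconds > 0 else ("expired", 0)


# Constructed sample headers and clock, not captured from a real server.
NOW = datetime(2010, 9, 13, 18, 21, 33, tzinfo=timezone.utc)
SAMPLES = {
    "default": "JSESSIONID=0123ABCD; Path=/app; HttpOnly",
    "max_age": "JSESSIONID=0123ABCD; Path=/app; Max-Age=86400; HttpOnly",
    "expires": "JSESSIONID=0123ABCD; Path=/app; Expires=Tue, 14 Sep 2010 18:21:33 GMT",
    "both": "JSESSIONID=0123ABCD; Max-Age=3600; Expires=Tue, 14 Sep 2010 18:21:33 GMT",
    "deleted": "JSESSIONID=0123ABCD; Path=/app; Max-Age=0",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, cookie_lifetime(header, NOW))
```

A "session" result means the login is lost when the browser closes, regardless of whether the server kept the session across a reload or restart.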