tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: Form Authentication vs. Tomcat Restart
Date Wed, 07 Dec 2011 14:12:24 GMT
2011/12/7 Jess Holle <jessh@ptc.com>:
> I should have noted that this is with Tomcat 7.0.23, but it seemed unlikely
> to be JVM (Java 6 Update 29) or OS (Windows 7) specific.
>
> Of course given that I found that the documentation clearly states this
> behavior, I suspect this is longstanding Tomcat behavior.
>
> My remaining question is /why/ Tomcat behaves this way.  If one quickly
> restarts Tomcat for some reason and session data is preserved, you really
> don't want all the users to have to login again do you?
>

I think there are a simple reason:
The data contain user's password. You wouldn't want the password to be
written to disk. It is safer if it is kept in memory only.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message