tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <>
Subject Re: Form Authentication vs. Tomcat Restart
Date Wed, 07 Dec 2011 14:12:24 GMT
2011/12/7 Jess Holle <>:
> I should have noted that this is with Tomcat 7.0.23, but it seemed unlikely
> to be JVM (Java 6 Update 29) or OS (Windows 7) specific.
> Of course given that I found that the documentation clearly states this
> behavior, I suspect this is longstanding Tomcat behavior.
> My remaining question is /why/ Tomcat behaves this way.  If one quickly
> restarts Tomcat for some reason and session data is preserved, you really
> don't want all the users to have to login again do you?

I think there are a simple reason:
The data contain user's password. You wouldn't want the password to be
written to disk. It is safer if it is kept in memory only.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message