tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Schumacher <>
Subject Re: Persist authenticated sessions across tomcat restarts
Date Mon, 30 Jul 2018 08:26:00 GMT
Am 27.07.2018 13:36, schrieb Tim K:
> Hello,
> I'm creating a new app under Tomcat 9.0.8 (local dev: windows, live
> servers: linux).
> I have successfully created a custom JAAS authentication, which works 
> just
> fine.
> I have SSO enabled at the moment, but not sure if I really need it.
> I left the default StandardManager config in place, I do see
> the SESSIONS.ser get created upon a shutdown and I see it get removed 
> upon
> startup, so I'm assuming it's reading it in...
> I'm expecting that once a user authenticates with the JAAS module one 
> time,
> and has a valid session, if I restart tomcat on the backend, that user 
> will
> NOT need to re-authenticate, but it appears to be kicking them back to 
> the
> login screen after the restart, and it's not accepting their JSESSIONID
> cookie value, it's giving them a new one upon hitting a secured 
> resource.
> From what I've read, I believe that JAAS can cache an authenticated
> session, but it doesn't appear to be working for me.  Is there 
> something
> I'm missing?  Also, I'm using form-login.

Are your Principal classes serializable?
Do you see any Exceptions in the log files when you restart Tomcat?


> Thank you,
> Tim

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message