> > It looks to me like authenticator Actions query the database, dbxml, > or > > whatever on every > > login > > > request.
Ah. You're right below, I see now that the db-authentication is only called on the login handler.... > > - Is that really necessary once the session has been established? > Probably. > > Of course, you want to verify password. ... but I thought this also, which is why I figured the DB was being queried every time since any DB changes would need to be reflected immediately. Of course, the 'protected' sample doesn't even use a password but I figure you're speaking abstractly. > PS Are you confusing authenticators with validators? See > protected/sitemap.xmap. Yes. As for my other thread, any experience using container managed security with Cocoon? Per --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>
