https://bz.apache.org/bugzilla/show_bug.cgi?id=64713
--- Comment #3 from Christopher Schultz <ch...@christopherschultz.net> ---
(In reply to Robert Rodewald from comment #2)
> I suppose you meant:
> Boolean.TRUE.equals(map.get("javax.servlet.http.registerSession")) ?
Derp.
> The third option is important in my opinion. I'm thinking of Bearer
> authentication. As soon as you don't send the token you should not be
> authenticated any more (you would now be because of cached value in the
> session).
Aha, I get it, and yes, I agree. Although honestly Bearer authentication should
probably not be using a session but there's no need to be sloppy.
> I will try to produce the patch. Will be my first time but I'll do my best.
Excellent. Ask on the dev@ list if you need any help with that; we're happy to
help.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
