https://bz.apache.org/bugzilla/show_bug.cgi?id=64713
--- Comment #3 from Christopher Schultz <ch...@christopherschultz.net> --- (In reply to Robert Rodewald from comment #2) > I suppose you meant: > Boolean.TRUE.equals(map.get("javax.servlet.http.registerSession")) ? Derp. > The third option is important in my opinion. I'm thinking of Bearer > authentication. As soon as you don't send the token you should not be > authenticated any more (you would now be because of cached value in the > session). Aha, I get it, and yes, I agree. Although honestly Bearer authentication should probably not be using a session but there's no need to be sloppy. > I will try to produce the patch. Will be my first time but I'll do my best. Excellent. Ask on the dev@ list if you need any help with that; we're happy to help. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org