https://issues.apache.org/bugzilla/show_bug.cgi?id=55804
--- Comment #3 from Mark Thomas <ma...@apache.org> --- When the session ID is changed on authentication that is exactly what happens. The session object remains the same, just the ID changes. There should be no need to populate the session as it remains populated. If you need to update some of your session attributes because the ID has changed, you can use an HttpSessionIdListener. On this basis, it looks like having request.getUserPrincipal() return null if the GSSCredential has expired will be sufficient. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
