Hi Steve, I tried reproducing your scenario and noticed that upon restart, the SESSIONS.ser file was there, and reloading an authenticated page from my browser worked without entering a new password as long as that SESSIONS.ser file existed. But if I opened a new fresh browser with cache cleared, it would correctly prompt me again for the password, and only accepted the new one. This was without me touching the SESSIONS.ser file.
So it appears that if my browser already has a session established under which it has authenticated once, the old password still works through that session. - Chris On Wed, Nov 9, 2011 at 4:30 AM, Stephen Bayliss <stephen.bayl...@acuityunlimited.net> wrote: > I'm using Fedora with the embedded Tomcat, FeSL AuthN and AuthZ. > > I modified my fedora-users.xml (changed admin password), but after a server > restart it won't accept the new password and is still accepting the old one. > > I removed $CATALINA_HOME/work/Catalina/localhost/fedora/SESSIONS.ser and now > it's fine - it looks like the fedora-users.xml was being cached there. > > Can anyone reproduce? Not sure if it is something weird with my > installation or if we have a problem here. > > Steve > ------------------------------------------------------------------------------ > RSA(R) Conference 2012 > Save $700 by Nov 18 > Register now > http://p.sf.net/sfu/rsa-sfdev2dev1 > _______________________________________________ > Fedora-commons-users mailing list > Fedora-commons-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users > > ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
