Yes, the default catalina caching policy allows for this behavior. xxxxxxxxxxxxxxxxxxxxxxxx Scott Stark Chief Technology Officer JBoss Group, LLC xxxxxxxxxxxxxxxxxxxxxxxx ----- Original Message ----- From: "jfc" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 28, 2002 3:56 AM Subject: Re: [JBoss-user] bundled tc4/jetty not remembering previous authentication in single session
> Thanks for that, Scott! > > I wonder what it was about 243+40 which made the authentication info > available to the bundled web container on subsequent requests - was it a > different caching policy? > > Cheers > Joe > > Scott M Stark wrote: > > >This is not a bug. It is legitimate behavior per the servlet specification and > >tomcat standalone will exhibit this if you turn off caching in the >FormAuthenticator: > > > > <Valve className="org.apache.catalina.authenticator.FormAuthenticator" > > debug="3" cache="false"/> > > > >The bundled tomcat turns caching off because it conflicts with the stateless > >propagation of credentials from servlets to ejbs. Until the servlet spec defines > >how authentication information must be propagated in a session any content > >that needs to know the authenticated user must be secured or you have to > >maintain this yourself in the session. > > ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
