If a user is logged in (by using FORM auth), and tomcat is restarted,
the logged in status for the user is forgotten, even though the
session and session attributes are remembered.
Apparently the status is not stored in the session (but in a HttpRequest note)?
Is this a feature, or is there
Humm. To be 'logged in' is to have a 'principal'
StandardSession.java declares it's principal like this
/**
* The authenticated Principal associated with this session, if any.
* bIMPLEMENTATION NOTE:/b This object is inot/i saved and
* restored across session
Well that's a shame. This feature seemed to work in eg. Resin, and it's
very convenient. Is there some reason to this behaviour in Tomcat?
But if this isn't going to change, maybe the docs should reflect this.
From Realm HOW-TO (under JDBCRealm Additional notes):
==
# Once a user has been