Humm. To be 'logged in' is to have a 'principal'
StandardSession.java declares it's principal like this
/**
* The authenticated Principal associated with this session, if any.
* bIMPLEMENTATION NOTE:/b This object is inot/i saved and
* restored across session
Well that's a shame. This feature seemed to work in eg. Resin, and it's
very convenient. Is there some reason to this behaviour in Tomcat?
But if this isn't going to change, maybe the docs should reflect this.
From Realm HOW-TO (under JDBCRealm Additional notes):
==
# Once a user has been
