On 01/12/2019 23:04, Mark Thomas wrote:
I'm with you. And likely our setup is special in a way. However, I've
rarely seen that you have to re-enter credentials in a professional web
application like Google or Facebook, for example.
Yes. But if those apps were running on Tomcat I doubt that
On 29/11/2019 11:48, Klein, Carsten wrote:
> However, we are developing Ajax-driven
> B2B client applications, which terminate / end the session when they
> detect loss of authentication. Technically, these apps periodically send
> keep-alive messages to the server (in order to keep the session
On 28/11/2019 10:20, Mark Thomas wrote:
On 28/11/2019 08:03, Klein, Carsten wrote:
Hi there,
Thanks for answering my questions. See my remarks inline:
in all recent Tomcat versions the standard session implementation
declares authentication related fields as 'transient', so both the
session
Carsten,
> in all recent Tomcat versions the standard session implementation
> declares authentication related fields as 'transient', so both the
> session's authType as well as its authenticated Principal is not
> saved and restored across resta
On 28/11/2019 08:03, Klein, Carsten wrote:
> Hi there,
>
> in all recent Tomcat versions the standard session implementation
> declares authentication related fields as 'transient', so both the
> session's authType as well as its authenticated Principal is not saved
> and restored across restarts