Well that's a shame. This feature seemed to work in eg. Resin, and it's very convenient. Is there some reason to this behaviour in Tomcat?
But if this isn't going to change, maybe the docs should reflect this. >From Realm HOW-TO (under JDBCRealm Additional notes): == # Once a user has been authenticated, the user (and his or her associated roles) are cached within Tomcat for the duration of the user's login. (For FORM-based authentication, that means until the session times out or is invalidated; for BASIC authentication, that means until the user closes their browser). == -km Bob Herrmann writes: > > Humm. To be 'logged in' is to have a 'principal' > StandardSession.java declares it's principal like this > > /** > * The authenticated Principal associated with this session, if any. > * <b>IMPLEMENTATION NOTE:</b> This object is <i>not</i> saved and > * restored across session serializations! > */ > private transient Principal principal = null; > > > I don't know of any effort to change this behavior in Tomcat. > > Cheers > -bob > > On Tue, 2002-09-10 at 17:54, Kristoffer Michael wrote: > > > > If a user is logged in (by using FORM auth), and tomcat is restarted, > > the "logged in" status for the user is forgotten, even though the > > session and session attributes are remembered. > > Apparently the status is not stored in the session (but in a HttpRequest note)? > > > > Is this a "feature", or is there going to be work on it in the future? > > > > BTW, using SSO cookies doesn't seem to help (don't know if this is related). > > > > -km > > > > > > -- > > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- > Cheers, > -bob > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
