Howdy, trying to solve an issue before heading out for the weekend, any insight would be greatly appreciated :-)
>From my understanding of the CMA docs for Tomcat, a user's credentials are cached after login, and a user is authenticated until the session expires (FORM) or the browser is restarted (BASIC, etc.). However, the docs don't mention the expected behavior if the container or individual context is reloaded. I'm using FORM-based login. My sessions are set to expire after 30 minutes. Sessions are serialized. But if I reload the context even before the session is expired, I'm redirected to my login page if I request any protected resources after the reload. The session is still valid, because I'm not assigned a different session id - the same one is somehow "blessed" again. I would think that since the docs state that "logged in" status is tied to the session, a user would remain logged in until the session expires or is invalidated. Is there a switch I'm missing to save the "logged in" status? Or is this the designed behavior according to the Sevlet spec? Thank you very much, -Sasha --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
