If you are using container managed security(such as form authentication), those contraints are executed before the filter chain is ever made.
(Otherwise) I am unsure of the semantics of getId() without re-reading the javadocs or the spec.
-Tim
Johann Uhrmann wrote:
Hello,
I am writing a single-sign-on filter that uses cookies and a request-wrapper in order to fake a form-based login in case the user is already authenticated in another web application.
The filter needs some internal structures to perform the single-sign-on process, e.g. a map that associates the logon name with all active sessions of the user.
When I try to get the id of those session objects, they sometimes return null.
Are the ids of expired sessions set to null in Tomcat 4.1.27? If yes, is there a way to retrieve the former session ids?
Thank You,
Hans
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
