For some reason changes to a user's password take about a half hour to become effective. I can query the database using the MySQL command line client and see the changed password. We use SHA encryption/encoding. I can also turn on a log message in my login servlet and see that the encoded value that my login servlet puts in j_password before redirecting to j_security_check also matches the value in the database.
Its frustrating to say the least. We could make up a good story of how this is really a security feature for our customers - but they'd much rather be able to login quickly after having a password reset. We are using container managed authentication with our web application, using the JDBCReal. We use Tomcat 4.1.24 on Solaris 8 with j2sdk1.4.1_01. We are using MySQL 4.0.12. Turning up the verbosity level for logging does not seem provide a means for showing what JDBCReal is getting back from the database. I've also looked in the JDBCReal.java source - but my hosting provider does not really want me putting a user-built version of Tomcat on the machine I'm on. Thanks in advance for any ideas/suggestions/solutions. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]