- Extend JDBCRealm for your functionality. - Make the user close their webbrowser to force a new session - Invalidate the session which should get rid of the cached Principal stuff
I think one of the latter 2 should work (I hope)
-Tim
Richard Mixon (qwest) wrote:
For some reason changes to a user's password take about a half hour to become effective. I can query the database using the MySQL command line client and see the changed password. We use SHA encryption/encoding. I can also turn on a log message in my login servlet and see that the encoded value that my login servlet puts in j_password before redirecting to j_security_check also matches the value in the database.
Its frustrating to say the least. We could make up a good story of how this is really a security feature for our customers - but they'd much rather be able to login quickly after having a password reset.
We are using container managed authentication with our web application, using the JDBCReal. We use Tomcat 4.1.24 on Solaris 8 with j2sdk1.4.1_01. We are using MySQL 4.0.12.
Turning up the verbosity level for logging does not seem provide a means for showing what JDBCReal is getting back from the database. I've also looked in the JDBCReal.java source - but my hosting provider does not really want me putting a user-built version of Tomcat on the machine I'm on.
Thanks in advance for any ideas/suggestions/solutions.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
