Chris, > So, then you'll just check the session for creds? That sounds > reasonable, but then you have to write it yourself :(
That's why I wanted to avoid it (beside other things). > How often do you think you'll be re-starting Tomcat while the > application is running in the wild? That is totally up to my employer. Since we are a dynamic company changes could happen often. At least more often than I would like to confront my users with a mysteriously broken session. I'm now working on a solution involving overriding the RequestProcessor class of the struts framework. There you can place (or override) a hook checking for user credentials. Then one can define restrictions/constraints directly with the struts actions. If the whole application consists only of struts actions, this seems to be a stable and quite convenient solution. Greetings Andreas Mohrig -----Original Message----- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Thursday, November 13, 2003 1:59 PM To: Tomcat Users List Subject: Re: AW: AW: AW: Container based authentication and session persistenc e with Tomcat 4.1.29 Andreas, >> It's possible that you'll still have the same session, but you'll >> just have to re-login. Does that make any sense? > > That's my problem exactly. I don't think that it makes any sense > either. The only explanation seems to be that the container based > authentication in Tomcat 4.1 has been implemented without session > persistence in mind. I don't quite see it that way. Since the user credentials are not part of the session, then session persistence has nothing to do with it. In fact, I'd argue that the session does persist, just not your creds. You have to re-login, but you'll end up with everything back in your session, so it shouldn't be a big deal, right? > I'm afraid I will have to change to application based authentication > after all. So, then you'll just check the session for creds? That sounds reasonable, but then you have to write it yourself :( Why do you need sessions to be persisted across restarts in production? How often do you think you'll be re-starting Tomcat while the application is running in the wild? -chris --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
