Hi, how often do you invalidate your sessions? It's hard to imagine your application would expire a user's session right after he logs in. But take a look at the request header to see if the subsequent session ids are the same as the first one. Other than that, without more specific info on how you implemented the authentication, it's hard to figure out what's going on:).
-Yan -----Original Message----- From: Winter, G (Graeme) [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 07, 2004 7:46 AM To: 'Tomcat Users List' Subject: request.getUserPrincipal(); Hi All, I am trying to perform client authentication using certificates, and I have made some progress - the certificates are now accepted as OK, which is nice. Obviously I am using https too... However, the sting is that the methods request.getAuthType(); request.getRemoteUser(); request.getUserPrincipal(); All return NULL, which is contrary to the documentation, since I know the user (i.e. me) has authenticated. clientAuth="true" in server.xml. Anyone else out there had this problem, and more to the point found a solution? Cheers, Graeme --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
