> You could store the password in the session. When the user
> changes his or
> her password, just update the session information.
>
Advantage: You don't lose existing session data
Disadv : You're not actually re-authenticating
> >
> > If you're using FORM based authentication I believe you could do
> > a request passing with a username and new password passed in URL
> > as j_username and j_password to j_security_check. Haven't tried
> > this myself but it's worth a try.
Advantage: You're actually re-authenticating
Disadv : You will lose existing session data and start with new session
It all depends on exactly what you're trying to accomplish and which
method best fits your needs.
---
Michael Wentzel
Software Developer
Software As We Think - http://www.aswethink.com
