Kyle Wayne Kelly
(504)391-3985
http://www.cs.uno.edu/~kkelly
----- Original Message -----
From: "Michael Wentzel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 06, 2001 6:13 AM
Subject: RE: JDBC Realms
> > You could store the password in the session. When the user
> > changes his or
> > her password, just update the session information.
> >
>
> Advantage: You don't lose existing session data
> Disadv : You're not actually re-authenticating
(not really authenticating, you lost me)
>
> > >
> > > If you're using FORM based authentication I believe you could do
> > > a request passing with a username and new password passed in URL
> > > as j_username and j_password to j_security_check. Haven't tried
> > > this myself but it's worth a try.
>
> Advantage: You're actually re-authenticating
> Disadv : You will lose existing session data and start with new session
>
> It all depends on exactly what you're trying to accomplish and which
> method best fits your needs.
>
>
> ---
> Michael Wentzel
> Software Developer
> Software As We Think - http://www.aswethink.com
