How would I know if I was or wasn't using sessions? Maybe I don't understand the use of the term correctly. What is the default? I can check the config
-----Original Message-----
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 13, 2001 5:48 PM
To: Tomcat Users List
Subject: Re: Principal caching with authentication

On Tue, 13 Nov 2001, Bongiorno, Christian wrote:

> Date: Tue, 13 Nov 2001 17:49:40 -0500
> From: "Bongiorno, Christian" <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: 'Tomcat Users List' <[EMAIL PROTECTED]>
> Subject: Principal caching with authentication
>
> Here is something else I am wrestling with. When a user hits a protected
> page and authenticates, subsequent authentication requests for every page
> clicked on occur. I have been reading that there is some sort of caching
> going on, but I still have my authenticate() method called even though the
> user has been validated as having access roles for that session. So, maybe
> once again I am missing it, but, I could cache the credentials on my own if
> I could get a session timeout event and the Principal it was using for that
> session. I could just do a quick lookup on the principal to see if I have it
> already -- if so return it, else get a new one.
>
>
> Am I thinking correctly?
>

In Tomcat 4, the standard Authenticators cache authenticated principals in the current session, ***if*** there is one (and assuming you do not turn it off with configuration options). In the absence of sessions, your Realm.authenticate() method will get called on every request.

It is also common to see your authenticate() method called twice, even when using sessions, if the session hasn't been created yet when authentication occurs. But beyond that, as long as you're using sessions, the authenticated Principal will be cached and reused throughout the life of this session.
> Chris
>

Craig

--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
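
One way to answer "am I using sessions?" from inside the application, as an added example that is not part of the original thread or of Tomcat's code: a Servlet 2.3 filter that reports, per request, whether a session exists and which Principal the container attached. The class name `SessionProbeFilter` and the log format are assumptions; only standard `javax.servlet` calls are used.

```java
// Added example; SessionProbeFilter is a hypothetical name, not a Tomcat class.
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

public class SessionProbeFilter implements Filter {
    private ServletContext context;

    public void init(FilterConfig config) throws ServletException {
        context = config.getServletContext();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) req;
            // getSession(false) never creates a session, so the probe does not alter behaviour.
            HttpSession session = http.getSession(false);
            Principal user = http.getUserPrincipal();
            StringBuffer line = new StringBuffer("session-probe uri=").append(http.getRequestURI());
            line.append(" sessionExists=").append(session != null);
            // Did the client present a session id, and does the server still accept it?
            // The id itself is deliberately not logged.
            line.append(" idPresented=").append(http.getRequestedSessionId() != null);
            line.append(" idValid=").append(http.isRequestedSessionIdValid());
            line.append(" viaCookie=").append(http.isRequestedSessionIdFromCookie());
            line.append(" principal=").append(user == null ? "none" : user.getName());
            if (session != null) {
                line.append(" isNew=").append(session.isNew());
                line.append(" idleTimeoutSec=").append(session.getMaxInactiveInterval());
            }
            context.log(line.toString());
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        context = null;
    }
}
```

Map the filter to the protected URL pattern in `web.xml`. Requests logged with a principal but `sessionExists=false` are the case Craig describes, where there is no session for the Authenticator to cache the Principal in.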
