I was also scrapping the password - used j_userbane and j_passwd for database access.
Any hints on that one? ----- Original Message ----- From: "Craig R. McClanahan" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Tuesday, August 13, 2002 10:41 PM Subject: Re: j_username in session cookie - where did it go? > > > On Tue, 13 Aug 2002, Ed Thompson wrote: > > > Date: Tue, 13 Aug 2002 21:57:53 -0400 > > From: Ed Thompson <[EMAIL PROTECTED]> > > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > > To: Tomcat Users List <[EMAIL PROTECTED]> > > Subject: j_username in session cookie - where did it go? > > > > I have just upgraded (uninstalled and reintsalled) from Tomcat 3.2 to > > Tomcat 4.0.4. > > > > I am using form based authentication, and found under 3.2 I could pull > > j_username out of the session cookie after authenticaion was done. > > > > That's not how it really worked under 3.2, although if you are using BASIC > authentication you could decode the username out of the "Authorization" > header. > > > Now under Tomcat 4 it doesn't seem to be there. I know I tried it under > > Tomcat 4.0.1 before I upgraded and it worked, but not after uninstalling 3.2 > > and installing 4.0.4 from scratch.. > > > > Can anyone shed light on what is (not) happening? Have the rules changed or > > have I not cfg'd something properly? > > > > The portable way to get ahold of the authenticated username is to call > request.getRemoteUser(). See the servlet spec for more details on > container managed security: > > http://java.sun.com/products/servlet/download.html > > > Thanx! > > Ed > > Craig > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>