Caldarale, Charles R wrote:
From: Mohammad M. AbuZer [mailto:m.abuze...@gmail.com]
Subject: How to serialize user principle
Is there anyway that force tomcat to serialize user
Principle so that when tomcat webapp get reloaded or
even tomcat restarted, logged in users won't be asked
to login again...
That normally happens automatically (as long as the session hasn't expired), so
the real question is what did you change to disable the standard behavior?
While you're at it, tell us the Tomcat version you're using, and the <Realm>
you have configured for authentication.
I think that you also should be more clear about what you would really like to
achieve.
As far as I know, the Tomcat (container-managed) authentication is based on the user
session, and the persistence of a session is linked to the JSESSIONID cookie which Tomcat
sends to the browser; and as far as I know this JSESSIONID cookie, by default, only lasts
for the duration of a web browser session.
So, independently of whether Tomcat saves and persists the sessions across a webapp reload
or a Tomcat restart, if the user close and re-open their browser, their session will be
lost, and so will their authentication.
If your goal is that users need to login only once during any day, then you should look at
some Single-Sign-On mechanism, external to Tomcat.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
