> The behaviour is configurable. Set the changeSessionIdOnAuthentication > attribute to false on the FORM authenticator valve
Hm, ok. I do not use tomcat's auth mechanisms. I use spring security. Something must have changed between TC 6.0 and 7.0. And I have no idea what... --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org