I have tried with tracking-mode, but still does not work. After the session is serialized tomcat shows login page, giving me no chance to execute a webFilter or whatever so I could just perform a request.login() with the user and password. SessionListener won't work either as the session is not really destroyed, I guess.
I'll try the same in a plain tomcat to see what's going on (or just give up declarative security...) Best regards, Vicente. -- View this message in context: http://tomee-openejb.979440.n4.nabble.com/Session-passivation-and-remote-user-tp4671464p4671473.html Sent from the TomEE Users mailing list archive at Nabble.com.
