Humm. To be 'logged in' is to have a 'principal'
StandardSession.java declares it's principal like this
/**
* The authenticated Principal associated with this session, if any.
* <b>IMPLEMENTATION NOTE:</b> This object is <i>not</i> saved and
* restored across session serializations!
*/
private transient Principal principal = null;
I don't know of any effort to change this behavior in Tomcat.
Cheers
-bob
On Tue, 2002-09-10 at 17:54, Kristoffer Michael wrote:
>
> If a user is logged in (by using FORM auth), and tomcat is restarted,
> the "logged in" status for the user is forgotten, even though the
> session and session attributes are remembered.
> Apparently the status is not stored in the session (but in a HttpRequest note)?
>
> Is this a "feature", or is there going to be work on it in the future?
>
> BTW, using SSO cookies doesn't seem to help (don't know if this is related).
>
> -km
>
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
--
Cheers,
-bob
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
