First of all, thanks for replying... Actually I am authenticating the user based on a session attribute, i.e. if the user name is present in the session. As you mentioned 'sessions being serialized', can I know more about this, or how can I avoid it?
Regards.
dd

On Fri, 19 Aug 2005 Laurie Harper wrote:
>d d wrote:
>> I am working on a struts web application with oracle as back end. I use
>> tomcat. I am using filter so that if user has not logged in he cannot access
>> any of the pages. I have a problem for logging..
>> I login into my application.. Use the application.. Now if suddenly i close
>> Tomcat Server.. and restart it.. and refresh my old page.. it continues to
>> work.
>> This particularly happens if there is a action in url..
>> e.g address bar has "http/localhost:8080/web/app/ss.do" and the server is
>> restarted, filter does not work.. and page continues to flow.
>> and if address bar contains "http/....../ss.jsp" filter works and user is
>> forced to login.
>> I haven't judged the exact problem yet. Can anyone help me?
>
>How are you performing authentication? If you're using HTTP Basic
>authentication, a restart of Tomcat won't clear the user's credentials from the
>browser so subsequent requests will continue to authenticate as you're seeing.
>Alternatively, if you're relying on data stored in the session to determine if
>the session has been authenticated, you may see this as a result of sessions
>being serialized to disk on Tomcat shutdown and reloaded on subsequent
>requests.
>
>In other words, without knowing more about your authentication scheme it's
>impossible to say if this behaviour is 'wrong' or not. Perhaps you could post
>the filter code you're using?
>
>L.
>--
>Laurie Harper
>Open Source advocate, Java geek: http://www.holoweb.net/laurie
>Founder, Zotech Software: http://www.zotechsoftware.com/
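
Added example, not part of the original thread and not either poster's code: a servlet filter that authenticates on a session attribute and also discards any session created before the web application last started, so sessions Tomcat reloaded from disk force a fresh login. The class name, the `userName` attribute, and the `/login.jsp` and `/login.do` paths are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter. Map it to /* in web.xml so that *.do actions and
// *.jsp pages both pass through it.
//
// Container-level alternative: Tomcat's StandardManager does not persist
// sessions across restarts when its pathname attribute is empty:
//   <Context> <Manager pathname="" /> </Context>
public class RestartAwareAuthFilter implements Filter {

    // Recorded once per web application start. A session whose creation time
    // is earlier than this was created before the restart and reloaded.
    private long startedAt;

    public void init(FilterConfig cfg) {
        startedAt = System.currentTimeMillis();
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Let the login page and login action through to avoid a redirect loop.
        String path = req.getServletPath();
        if ("/login.jsp".equals(path) || "/login.do".equals(path)) {
            chain.doFilter(req, res);
            return;
        }

        HttpSession session = req.getSession(false); // never create one here
        if (session != null && session.getCreationTime() < startedAt) {
            session.invalidate(); // reloaded from disk: drop its attributes
            session = null;
        }
        if (session == null || session.getAttribute("userName") == null) {
            res.sendRedirect(req.getContextPath() + "/login.jsp");
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```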