https://github.com/cklein05/tomcat/pull/1/files
Remy: Thank you for the feedback, but please see the other threads about this. The feature is not there right now because not everyone can/wants to use the Delta Session Manager. For instance, we do _not_ want a p2p architecture as they create scalability problems with the one-to-many problem. The session boils down to a key-value store, and there are some very nice network enabled key-value stores in existence; cassandra, redis, couchdb, memcached, et all. Tomcat's point-to-point replication options aren't sufficient in many cases, which is why there ought to be an option to allow this. For older versions of tomcat, I'd suggest adding an additional option that causes GenericPrincipal to drop the password after authentication is complete, by default if persistAuthentication is enabled, which alleviates your concern. On Tue, Feb 18, 2020 at 10:13 AM Carsten Klein <c.kl...@datagis.com> wrote: > > Open the pull request in your own fork... this link should work: > > > https://github.com/cklein05/tomcat/compare/cklein05:master...cklein05:session-manager-persist-authentication?expand=1 > > Done. > > Carsten > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Jonathan | exabr...@gmail.com Pessimists, see a jar as half empty. Optimists, in contrast, see it as half full. Engineers, of course, understand the glass is twice as big as it needs to be.
