sound a lot like BASIC authentication. If so, then Orion's behavior is as
defined by the spec, and presents the same behavior than IIS, Apache and
Netscape Enterprise
> -----Original Message-----
> From: Trujillo, Kris [mailto:[EMAIL PROTECTED]]
> Sent: Viernes, 31 de Agosto de 2001 18:11
> To: Orion-Interest
> Subject: Additional invocations to the UserManager
>
>
>
> I have written a custom UserManager and have setup
> security-constraints
> against several JSPs in my application...everything works
> great..almost.
> I'm noticing that after the user has successfully been
> authenticated that my
> UserManager is being recalled for every page request made by
> the user. The
> difference being that the user is not reprompted to enter a
> username and
> password. The problem with this is that it causes a lot of additional
> overhead because the user is reauthenticated and has the
> group checking
> revalidated for every request. Is it possible to setup Orion
> so it won't
> behave this way? It seems like once the user has been
> authenticated once
> that they should not be reauthenticated until their session
> has expired.
>
> Thanks
>