In tomcat 5.0.29, when I shutdown and restart the appl thru the Manager, the
HttpSession objects are NOT destroyed while the appli's ServletContext IS
(together with other info like the set of Principal's). Keeping the
HttpSessions could be a good feature for maintaining the state of the web
a
According to servlet spec, the only way to tell if a request has been
authenticated is request.getUserPrincipal() returning a non-null Prinicpal
object. Is it possible to obtain such an object from the current HttpSession
instead? Or, I should say is there any facility provided by Tomcat to co