On 01/12/2019 23:04, Mark Thomas wrote:
I'm with you. And likely our setup is special in a way. However, I've
rarely seen that you have to re-enter credentials in a professional web
application like Google or Facebook, for example.
Yes. But if those apps were running on Tomcat I doubt that
On 29/11/2019 11:48, Klein, Carsten wrote:
> However, we are developing Ajax-driven
> B2B client applications, which terminate / end the session when they
> detect loss of authentication. Technically, these apps periodically send
> keep-alive messages to the server (in order to keep the session
On 28/11/2019 10:20, Mark Thomas wrote:
On 28/11/2019 08:03, Klein, Carsten wrote:
Hi there,
Thanks for answering my questions. See my remarks inline:
in all recent Tomcat versions the standard session implementation
declares authentication related fields as 'transient', so both the
session
Carsten,
> in all recent Tomcat versions the standard session implementation
> declares authentication related fields as 'transient', so both the
> session's authType as well as its authenticated Principal is not
> saved and restored across resta
On 28/11/2019 08:03, Klein, Carsten wrote:
> Hi there,
>
> in all recent Tomcat versions the standard session implementation
> declares authentication related fields as 'transient', so both the
> session's authType as well as its authenticated Principal is not saved
> and restored across restarts
Hi there,
in all recent Tomcat versions the standard session implementation
declares authentication related fields as 'transient', so both the
session's authType as well as its authenticated Principal is not saved
and restored across restarts.
On those fields there is a comment that clearly