I'm in a very early experimental state concerning this application. There is nothing in the session but a single String (for testing). And you're right, the same sessionid is comming from the client, but tomcat has forgotten which user/principal is associated with the session (which is otherwise in the exact-same state as before the server restart).
Oh! I get it. Your session is still around, but you're being challenged for your username and password again. Have you tried checking to see if your session still has the String after a re-login?
It's possible that you'll still have the same session, but you'll just have to re-login. Does that make any sense?
But I'm still a little perplexed that so much effort is necessary. At the beginning I suspected that this should be part of persistence, too. Did you ever try PersistentManager with Tomcat 4.1 and container based authentication? Did your setup behave differently?
I never did anything like this. I suspect that Tomcat loses its authentication mappings on a restart. I also suspect that your session will still be full even if you have to re-login.
-chris
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
