It's possible that you'll still have the same session, but you'll just have to re-login. Does that make any sense?
That's my problem exactly. I don't think that it makes any sense either. The only explanation seems to be that the container based authentication in Tomcat 4.1 has been implemented without session persistence in mind.
I don't quite see it that way. Since the user credentials are not part of the session, then session persistence has nothing to do with it. In fact, I'd argue that the session does persist, just not your creds. You have to re-login, but you'll end up with everything back in your session, so it shouldn't be a big deal, right?
I'm afraid I will have to change to application based authentication after all.
So, then you'll just check the session for creds? That sounds reasonable, but then you have to write it yourself :(
Why do you need sessions to be persisted across restarts in production? How often do you think you'll be re-starting Tomcat while the application is running in the wild?
-chris
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
