Hi, I would like Tomcat avoiding to access the DB for EVERY ACCESS to a reserved page. I think the best way to do this (apart from upgrading to Tomcat 4.0 !!) is to store the login info, or maybe just a flag "I'm authenticated", in the session object. Does anyone already made something similar ? Should I only redefine methods in my Realm object ? Is there some security issue I'm not taking care of ?? Thanks
Renato
