On Fri, 5 Apr 2002, Bill Gibbs wrote:

> Date: Fri, 5 Apr 2002 09:12:16 -0500
> From: Bill Gibbs <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Realm Authentication lost when tomcat is restarted
>
> I have a JDBCRealm setup that works great.  I can log in, it protects the
> resource I specified.
>
> But when I stop, then start tomcat, I lose the authentication and have to
> relogin.
>

Yep.  The sessions (and any serializable attributes) are saved across
restarts (even without setting up the persistent manager and file store),
but the fact that you've logged in is not.  I would consider it a security
risk to change this design.

One workaround to this would be to use BASIC authentication (at least for
development).  This succeeds because the browser keeps sending the
credentials with every request, so it automatically logs back on for you.
Of course, you can't log off by invalidating the session if you do this,
but ...

Craig

