> From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Subject: Re: SSL Session Caching
> OP reports that a new SmartCard is being inserted and either the old > session persists (and the new user is allowed to masquerade as the old > user) or the new user is not authenticated but still allowed to access > their own resources. Sounds like the former, but it's worth asking. Which still indicates that the _client_ isn't reacting to the smartcard being swapped for another one. Not much the server (Tomcat) can do about that, other than force re-authentication on every access (which would introduce another set of issues). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org