Hello, I'm creating a new app under Tomcat 9.0.8 (local dev: windows, live servers: linux).
I have successfully created a custom JAAS authentication, which works just fine. I have SSO enabled at the moment, but not sure if I really need it. I left the default StandardManager config in place, I do see the SESSIONS.ser get created upon a shutdown and I see it get removed upon startup, so I'm assuming it's reading it in... I'm expecting that once a user authenticates with the JAAS module one time, and has a valid session, if I restart tomcat on the backend, that user will NOT need to re-authenticate, but it appears to be kicking them back to the login screen after the restart, and it's not accepting their JSESSIONID cookie value, it's giving them a new one upon hitting a secured resource. >From what I've read, I believe that JAAS can cache an authenticated session, but it doesn't appear to be working for me. Is there something I'm missing? Also, I'm using form-login. Thank you, Tim