On Mon, Jul 30, 2018, 4:26 AM Felix Schumacher < felix.schumac...@internetallee.de> wrote:
> Am 27.07.2018 13:36, schrieb Tim K: > > Hello, > > > > I'm creating a new app under Tomcat 9.0.8 (local dev: windows, live > > servers: linux). > > > > I have successfully created a custom JAAS authentication, which works > > just > > fine. > > > > I have SSO enabled at the moment, but not sure if I really need it. > > > > I left the default StandardManager config in place, I do see > > the SESSIONS.ser get created upon a shutdown and I see it get removed > > upon > > startup, so I'm assuming it's reading it in... > > > > I'm expecting that once a user authenticates with the JAAS module one > > time, > > and has a valid session, if I restart tomcat on the backend, that user > > will > > NOT need to re-authenticate, but it appears to be kicking them back to > > the > > login screen after the restart, and it's not accepting their JSESSIONID > > cookie value, it's giving them a new one upon hitting a secured > > resource. > > > > From what I've read, I believe that JAAS can cache an authenticated > > session, but it doesn't appear to be working for me. Is there > > something > > I'm missing? Also, I'm using form-login. > > Are your Principal classes serializable? > Do you see any Exceptions in the log files when you restart Tomcat? > > Regards, > Felix > > > > > Thank you, > > > > Tim > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > No exceptions in log. And it doesn't work even when I don't store > anything within the session.