Hi, As part of a way to prevent concurrent login, and to re-assign a session back to a request based on JWT token (for clients that cannot pass us cookies), we need to access to the 'findSession' and 'findSessions' in org.apache.catalina.Manager.
Is it true the only way to get the manager using ServletContext.getManager() is by using privileged="true" in the context.xml? Are there any implications in setting privileged="true" if we have full control to restrict what servlets or jsp or codes are running in our webapp? Thanks. Regards, Kok Hoor