I note that in recent versions of Tomcat (e.g. 7.0.23), the session id changes when you do a form-based authentication.

I do not see any sort of notice via anything one can listen to via the servlet API to receive notice of this change.

This makes things rather ugly if one is monitoring the sessions oneself -- as their identity changes out from under you without any notice.

Am I missing something here? [Yes, I note the container event, but that necessitates Tomcat-specific code, etc -- especially given that this isn't fired as a JMX notification anywhere that I can see.]

--
Jess Holle

