1 Reply Latest reply on Jul 30, 2004 9:26 AM by stueccles

    JBoss 3.2.5 - Persistent Sessions and JAAS Integrated securi

    Bryan Feld Newbie

      I am using JBoss 3.2.5 with Tomcat 5. I am using integrated container-managed security, by way of a DatabaseServerLoginModule. Tomcat serves this by way of FORM-based security.

      When Tomcat 5 persists sessions (e.g. when I re-deploy an EAR file), it appears that everyone's security credentials are lost (e.g. not persisted/reloaded). However, the rest of their "session attributes" are correctly persisted and reloaded. They get sent back to the FORM-based login page, and after logging in, their session is back where it was.

      The desired functionality however, is for Tomcat to persist the security credentials too, so that users never experience any hiccup at all.

      Can someone please tell me what I'm doing wrong?