struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <>
Subject Re: Realm authentication & password change
Date Mon, 17 Nov 2003 12:45:17 GMT
On 11/17/2003 12:43 PM Grassi Fabio wrote:
> I'm using Tomcat User Database Realm authentication with a Struts
> application. It all works fine *but* I would like to give my users the
> ability to change their password. The problem is that once the password
> is changed in my RDBMS, Tomcat keeps the old password in memory until
> restarted. So the unlucky user who has changed the password gets
> prevented from logging in again.

Hi Fabio,
I don't think that is quite correct. As far as the docs go, the info is 
kept for the duration of the session. So you have to invalidate the 
user's session and force them to log in again.


struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message