You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by "Scott, Shannon" <Sh...@maine.gov> on 2016/03/21 20:07:35 UTC

JAASRealm does not trigger HttpSessionListener events

I have a JAASRealm that I'm using with some legacy authentication/authorization code that requires the session id.
In tomcat the JAAS Login Module does not have access to the HTTPSession.  A new session is created after the Login Module commits (so using a valve to access the session does not work). I am trying to use a HttpSessionListener with the JAAS Login Module, but the sessionCreated, and sessionDestroyed methods are never triggered.
Is that intentional?  Are there other ways a session could be created without triggering the HttpSessionListener?
Thank you in advance for any constructive help, pointers or advice.
S