You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by e-Denton Subscriber <su...@e-denton.com> on 2005/03/30 16:05:27 UTC

isUserInRole

I see that the session object is stored in the request object
(request.getSession).  And, I suppose, the methods such as isUserInRole from
the request are actually querying the stuff from the session object. So, if
the session is gone (invalidated), then there is no authorization info. Does
this mean the authorization info is kept in the session object?


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org