I note that StandardSession has notes on the authType and principal indicating that they are not included in the serialised form of the object, but no explanation of this choice is obvious. I also have the impression that there's some see-sawing on this; the limitation is present in 4.1.31 and 5.0.30, but some Googling shows this up in the 5.0.20 changelog:
Avoid serializing Subject/Principal when persisting the session (jfarcand) Can someone explain why (or point me at an existing explanation that I've missed)? Thanks. - Raz --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
