https://bz.apache.org/bugzilla/show_bug.cgi?id=60854
--- Comment #7 from Jan Engehausen <smurf...@gmail.com> --- I am using org.apache.catalina.authenticator.BasicAuthenticator directly with default settings (cache="true" and changeSessionIdOnAuthentication="true"). com.example.SessionBehaviorIT.testDemonstrateProtectedServlet() shows the issue. Running "mvn verify" is enough. You could also start Tomcat via "mvn tomcat7:run" and then execute testDemonstrateProtectedServlet() in some IDE. https://github.com/smurf667/test-tomcat-session/blob/master/src/test/java/com/example/SessionBehaviorIT.java#L52-L55 https://github.com/smurf667/test-tomcat-session/blob/master/src/test/tomcat7/server.xml#L23-L24 I have understood that cache="false" will cause each request to get a new session ID cookie, this case can be safely ignored. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
