We are using Tomcat 5 for development. The authentication mechanism works as follow:
A filter intercepts each reqest to check if it is a login request. If it is an authentication request, it is validated and in case of success, a bean is filled and attached to session. The servlet checks whether this bean exists in the session for authentication.
Whenever the web application is restarted from manager web app or by autodetection of changes due to setting reloadable=true in context, The bean becomes null.
To my understanding, tomcat should preserve sessions when application is restarted without restarting tomcat itself. Is there any special reason for not keeping beans between web application restarts?