We appear to have an intermittent problem in that updates made by Hibernate are not seen by Tomcat when it tries to validate a userid/password combination. I do not believe it is really a Hibernate problem, but certainly could impact other Tomcat/Hibernate users.
Our webapp uses Hibernate 2.02, MySQL 4.0.12 and Tomcat 4.1.24 on SPARC Solaris 8. We are using Tomcat container managed authentication for logon and authorization - we use the JDBCRealm. Looking at the Tomcat source, it appears that the JDBCRealm obtains a new connection for each authentication request - so I really do not understand how it could get old values from MySQL.
Our application uses a separate JNDI datasource for Hibernate to update/manage the user and role tables that the JDBCRealm is pointed to in Tomcat's server.xml file. We have JCS caching users as "read-write".
When setting up a new user or changing an existing user's password, it can take a long time before that password becomes effective (around an hour) - but not always. If I look at the database the password has changed and the new value is being used by the login servlet (SHA encryption is used).
Our logoff link does a servlet "session.invalidate()", but on top of that we are completely shutting down the browser and trying to logon with the new password - no joy!
I've posted to my hosting provider, the Tomcat mailing list and Struts-Resume forum. Have gotten some good ideas, but no solution yet.
Any idea why this could happen?
Thanks - Richard