tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mike Curwen" <>
Subject RE: JDBCRealm - Session not timing out
Date Thu, 10 Jul 2003 17:40:24 GMT
> -----Original Message-----
> From: Jacob Kjome [] 
> Sent: Thursday, July 10, 2003 12:29 PM
> To: Tomcat Users List
> Subject: RE: JDBCRealm - Session not timing out
> Basic AUTH gets resent automatically, you'd just start 
> them over with a 
> new session.  Don't make any assumptions that Basic AUTH and the 
> HttpSession know anything about each other.

My assumption was that the container is sufficiently intelligent enough
to recognize that the credentials as sent are from an expired session
(ie: this particular container *does* relate sessions to
authentications).  But as you say, if there is no built-in way to get a
browser to re-prompt for new Basic AUTH credentials if it already has a
set for that domain, then we're SOL, and we're better off going with
FORM if you want to tie authentication with sessions (which seems
natural for some applications).

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message