tomcat-users mailing list archives

From Rick Roberts <techi...@ait-web.com>
Subject Re: JDBCRealm - Session not timing out
Date Thu, 10 Jul 2003 17:55:33 GMT
 > I'm not entirely sure about Form AUTH, but Basic AUTH doesn't use
 > sessions.  The browser caches the login information provided and
 > re-sends it on each request.  So, there is no real "time out" for Basic
 > AUTH.  The only equivalent would be to close all open browsers.  This
 > deletes the cache of the Basic AUTH credentials forcing the user to
 > re-enter it once a new browser is opened and the protected web site is
 > re-visited.

And that is exactly why Basic AUTH is unacceptable.  The only way to log in 
with different user credentials is to kill all instances of your browser.

I have seen references (hints) about invalidating the session to force a 
re-login.  However, I cannot find any information that explains how / when the 
session is created or how I can use that session.

(I frequently use session objects and am familiar with how they work, but 
using JDBCRealm is new to me)

When I set up for Form AUTH and navigate to the test URL, I see the following:

http://localhost/hd/login.jsp;jsessionid=9385A2CD74946FCFF922CC327699E22E

Which seems to indicate that a session has been created.

Now, if it has been created, how can I use it?  I would like to add my objects 
to the session object.

-- 
*******************************************
* Rick Roberts                            *
* Advanced Information Technologies, Inc. *
*******************************************
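
An added example, not part of the original message or of Tomcat's own code: with Form AUTH the container keeps the login state in the same `HttpSession` the application sees, so application objects can be stored in it and invalidating it forces a new login. The class name `AccountServlet`, the `visits` attribute, and its mapping under a FORM-protected `<security-constraint>` are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet, assumed to be mapped under a URL covered by a
// <security-constraint> with <auth-method>FORM</auth-method> in web.xml.
public class AccountServlet extends HttpServlet {

    // GET: the container only lets the request through after the realm
    // (for example JDBCRealm) has accepted the user's credentials.
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // The same session the container created when it showed the login form.
        HttpSession session = req.getSession();

        // Application objects live next to the container's login state.
        Integer visits = (Integer) session.getAttribute("visits");
        visits = Integer.valueOf(visits == null ? 1 : visits.intValue() + 1);
        session.setAttribute("visits", visits);

        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("user: " + req.getRemoteUser()); // name the realm authenticated
        out.println("visits: " + visits);
        out.println("idle timeout (s): " + session.getMaxInactiveInterval());
    }

    // POST: explicit logout. Invalidating the session discards the login
    // state and every stored attribute, so the next request to a protected
    // URL is sent back to the login form.
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession(false); // do not create a new one
        if (session != null) {
            session.invalidate();
        }
        resp.sendRedirect(req.getContextPath() + "/");
    }
}
```

The idle timeout printed by `doGet` is set by `<session-timeout>` (in minutes) in `web.xml`; once it elapses the container expires the session and the user must log in again.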

