tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gr√ľneberg <martin.grueneb...@active-group.de>
Subject Question on Container Managed Authorization in Tomcat
Date Thu, 29 Jan 2004 15:31:44 GMT
Hello togehter,

I have a question on Container Managed Authorization in Tomcat.
I read the actual ServletSpec but could not find a clear answer 
to my problem.

Did I understand the Servlet Spec SRV.12.5.3.1 right that when I 
use FORM Authentication my 'auth-lifetime' is tied to my session 
so I have to logon again when the session expired or when I call 
session.invalidate()to perform a logout?

Is it also right that when I use one of the other Auth-Methods (BASIC,
DIGEST...) the Authentication is not bound to my session lifetime?
When so, how can I perform an explicit logout for those Methods?
How could I tie session-lifetime and auth-lifetime together in all 
Auth-Methods?

greetings 

Martin Gr√ľneberg




 






---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message