tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gr√ľneberg <>
Subject Question on Container Managed Authorization in Tomcat
Date Thu, 29 Jan 2004 15:31:44 GMT
Hello togehter,

I have a question on Container Managed Authorization in Tomcat.
I read the actual ServletSpec but could not find a clear answer 
to my problem.

Did I understand the Servlet Spec SRV. right that when I 
use FORM Authentication my 'auth-lifetime' is tied to my session 
so I have to logon again when the session expired or when I call 
session.invalidate()to perform a logout?

Is it also right that when I use one of the other Auth-Methods (BASIC,
DIGEST...) the Authentication is not bound to my session lifetime?
When so, how can I perform an explicit logout for those Methods?
How could I tie session-lifetime and auth-lifetime together in all 


Martin Gr√ľneberg


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message