tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From umeshkavade <umeshkav...@yahoo.co.in>
Subject Form Based Authentication creates user session before it is authenticated?
Date Sat, 09 May 2009 01:03:47 GMT

Hello,

In my web application, I am using tomcat's form based authentication for
protecting my secure web pages. Thus whenever user starts accessing webapp
by providing an URL of protected page, it is redirected to login page.
However, while doing so it creates a session. I do not want my web
application to create a session until user logs into the system. 

I tried to figure out how form authenticator is working. I got source code
of FormAuthenticator at:
http://www.java2s.com/Open-Source/Java-Document/Sevlet-Container/tomcat-catalina/org/apache/catalina/authenticator/FormAuthenticator.java.htm

While processing first request, tomcat calls
FormAuthenticator.authenticate() method which is calling getSession method
which creates a session.

Is there any way to avoid this and tell tomcat to not create session.

Inputs on this will be of great help.

Thanks in advance.

- Umesh

-- 
View this message in context: http://www.nabble.com/Form-Based-Authentication-creates-user-session-before-it-is-authenticated--tp23455945p23455945.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message