tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthew Mauriello" <mm578...@albany.edu>
Subject Re: Question about BASIC Authentication
Date Thu, 01 Jul 2010 02:06:13 GMT
Christopher,

I may have found a problem in the SOLR header.jsp file that I am using in
navigation. The header.jsp file might be trying to send headers,
unfortunately I am not in the same location as the server so I will have
to check this out tomorrow.

I'll keep you posted,

~Matt

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Matthew,
>
> On 6/30/2010 8:20 PM, Matthew Mauriello wrote:
>> The behavior seems rather strange to me in fact, I've seen other
>> websites
>> run on what looks to be BASIC Authentication without popping these
>> browser
>> messages when leaving secured sections.
>
> Most websites use HTTP AUTH consistently, at least for a particular URL
> prefix.
>
>> See the http://user:password@website.com/SOLR is only used once and it
>> might actually be http://user:password@website.com/SOLR/ I have to look
>> into this.
>>
>> I feel like the authentication cookie is being created for the user and
>> then being forwarded to every page the user visits after that.
>>
>> I am hoping to find some way of preventing this behavior.
>
> Well, for starters, what web browser are you using? Can you give me a
> sample URL that I can use to play with a test version of your webapp?
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkwr76cACgkQ9CaO5/Lv0PACLQCgjmn6kpeN1L3uQPuxpUEbHT8C
> W/UAn1iaKySqcMfZNuttx7MjHYr6EqX4
> =Yxdn
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message