tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Question about BASIC Authentication
Date Thu, 01 Jul 2010 01:30:15 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthew,

On 6/30/2010 8:20 PM, Matthew Mauriello wrote:
> The behavior seems rather strange to me in fact, I've seen other websites
> run on what looks to be BASIC Authentication without popping these browser
> messages when leaving secured sections.

Most websites use HTTP AUTH consistently, at least for a particular URL
prefix.

> See the http://user:password@website.com/SOLR is only used once and it
> might actually be http://user:password@website.com/SOLR/ I have to look
> into this.
> 
> I feel like the authentication cookie is being created for the user and
> then being forwarded to every page the user visits after that.
> 
> I am hoping to find some way of preventing this behavior.

Well, for starters, what web browser are you using? Can you give me a
sample URL that I can use to play with a test version of your webapp?

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkwr76cACgkQ9CaO5/Lv0PACLQCgjmn6kpeN1L3uQPuxpUEbHT8C
W/UAn1iaKySqcMfZNuttx7MjHYr6EqX4
=Yxdn
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message