tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Session expiration - browser -Web application
Date Fri, 04 Nov 2011 17:07:00 GMT

Léa,

On 11/4/11 12:04 PM, Léa Massiot wrote:
> @Tim : Thank you for your answer.
> 
>> [Tim wrote:] "Uncertain" is a bit vague.
> Yes. Ok. This is my understanding which is "uncertain" then. What
> happens is what you wrote: "a new session for the user with _none_
> of the objects from the old session in it".

The new session created is completely empty. It has nothing to do with
the user going back in the history, etc.

If you have a lot of data in the request parameters that can keep the
state of the workflow sane, then that's a different story. I always
try to have enough information in the page (form) so that resuming a
workflow after a session timeout is a possibility. This is something
you will have to code into your own webapp: it's not something Tomcat
can provide for you.

>> [Tim wrote:] If every page in the web app is supposed to require 
>> authentication you need to declare that in web.xml.
> Can you tell me how?

Read up on the servlet spec, specifically the "authentication and
authorization" sections. Look for <security-constraint> and
<auth-constraint> sections in web.xml.

>> [Tim wrote:] I'm assuming (perhaps incorrectly) you've already
>> got some declaration in there for form authentication?
> What are you thinking about? Can you be more precise?

If users are logging into your webapp, presumably they are providing a
username and password (or other credentials): where do you have that
configured?

-chris
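
An added example, not part of the original message: a web.xml fragment using the <security-constraint> and <auth-constraint> elements mentioned above to require form authentication for every page. The role name, the page paths, the /static/login/ prefix and the 30-minute timeout are assumptions for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">

  <!-- Every URL in the webapp requires an authenticated user in this role. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire application</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>appuser</role-name> <!-- assumed role name -->
    </auth-constraint>
  </security-constraint>

  <!-- A more specific pattern with no auth-constraint stays public, so the
       login page can load its CSS and images before the user has logged in. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Login page assets</web-resource-name>
      <url-pattern>/static/login/*</url-pattern> <!-- assumed path -->
    </web-resource-collection>
  </security-constraint>

  <!-- Form authentication: the container shows this page whenever an
       unauthenticated request hits a protected URL, including the first
       request after the old session has timed out. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>        <!-- assumed path -->
      <form-error-page>/login-error.jsp</form-error-page>  <!-- assumed path -->
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>appuser</role-name>
  </security-role>

  <!-- Idle timeout in minutes; the session created after it is empty. -->
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>
</web-app>
```

With this in place the container sends the user back through the login form after a timeout, but any workflow state still has to come from the request parameters or be rebuilt by the webapp.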
