Hello togehter, I have a question on Container Managed Authorization in Tomcat. I read the actual ServletSpec but could not find a clear answer to my problem.
Did I understand the Servlet Spec SRV.12.5.3.1 right that when I use FORM Authentication my 'auth-lifetime' is tied to my session so I have to logon again when the session expired or when I call session.invalidate()to perform a logout? Is it also right that when I use one of the other Auth-Methods (BASIC, DIGEST...) the Authentication is not bound to my session lifetime? When so, how can I perform an explicit logout for those Methods? How could I tie session-lifetime and auth-lifetime together in all Auth-Methods? greetings Martin Gr�neberg --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
