(I'm not sure what this question has to do with cookies,...)
> I use JDBCRealm and I'd like to have the connection times out after a
> certain period of time. Currently, it seems that once you have logged
> in, as long as you don't exit from your browser, the servlets
> can be run forever. Is there anything I can set in server.xml?
What exactly are you trying to time out--JDBCRealm's database connection, or
the servlet session, or the authenticated account? (Your mention of
JDBCRealm confuses me,...)
1) The database connection won't be closed until some error occurs.
2) The servlet session has a time-out specified by
webapp/session-config/session-timeout in your web.xml file.
3) Authentication, I believe, is maintained by the browser, not the server,
and there's no way to tell the browser to discard its credentials.
Assuming you're only worried about access to your servlets (not static files
on your system), you could always use your own authentication (e.g., a login
form with the credentials stored as a session attribute) and bypass the
browser's authentication.
-- Bill K.
