On Mon, 17 Dec 2001, EDV Systembetrieb wrote:
> Date: Mon, 17 Dec 2001 14:32:34 +0100
> From: EDV Systembetrieb <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Basic authentication & password caching
>
> Hi everybody,
>
> I setup Tomcat 3.3 with JDBCRealm and a mysql-database using basic
> authenticattion. We use a servlet for fileuploading to our server.
> Before sending the files, the user is prompted for loginname and
> password.
>
> My problem is, that there seems to be a permanent connection between
> the browser and the servlet or the logininformation a cached by the
> browser until the browser is restartet
>
> But I'd like to force the user to enter his ID and password each time
> he sends files, no matter if he restarts his browser or not.
>
> Any hints??
>
As you noted, it is the *browser* that's caching the username/password, so
there is nothing the server can do about it. An alternative would be to
use form-based login instead -- invalidating the user's session logs them
off.
> Besides another question: Is there any documentation about parameters
> usable in web.xml and apps-XXX.xml and what they mean. This would be
> very helpfull.
>
For web.xml the important document is the Servlet Specification, which you
can download from:
http://java.sun.com/products/servlet/download.html
For apps-XXX.xml you need to ask the 3.3 developers about it -- there's
lots of docs about configuring Tomcat 4 :-).
> Thanks Sabine
>
Craig
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
