Should my JDBCRealm login reset when the session times out?
I have tried it in both Basic AUTH and Form AUTH. My session never times out.
I'm not entirely sure about Form AUTH, but Basic AUTH doesn't use sessions. The browser caches the login information provided and re-sends it on each request. So, there is no real "time out" for Basic AUTH. The only equivalent would be to close all open browsers. This deletes the cache of the Basic AUTH credentials forcing the user to re-enter it once a new browser is opened and the protected web site is re-visited.
Jake
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
