> -----Original Message----- > From: Jacob Kjome [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 10, 2003 12:29 PM > To: Tomcat Users List > Subject: RE: JDBCRealm - Session not timing out > > Basic AUTH gets resent automatically, you'd just start > them over with a > new session. Don't make any assumptions that Basic AUTH and the > HttpSession know anything about each other.
My assumption was that the container is sufficiently intelligent enough to recognize that the credentials as sent are from an expired session (ie: this particular container *does* relate sessions to authentications). But as you say, if there is no built-in way to get a browser to re-prompt for new Basic AUTH credentials if it already has a set for that domain, then we're SOL, and we're better off going with FORM if you want to tie authentication with sessions (which seems natural for some applications). --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]