> I'm not entirely sure about Form AUTH, but Basic AUTH doesn't use > sessions. The browser caches the login information provided and > re-sends it on each request. So, there is no real "time out" for Basic > AUTH. The only equivalent would be to close all open browsers. This > deletes the cache of the Basic AUTH credentials forcing the user to > re-enter it once a new browser is opened and the protected web site is > re-visited.
And that is exactly why Basic AUTH is unacceptable. The only way to login-in with different user credentials is to kill all instances of your browser.
I have seen references (hints) about invalidating the session to force a re-login. However; I can not find any information that explains how / when the session is created or how I can use that session.
(I use frequently use session objects and am familiar with how they work, but using JDBCRealm is new to me)
When I set up for Form AUTH and navigate to the test URL, I see the following:
http://localhost/hd/login.jsp;jsessionid=9385A2CD74946FCFF922CC327699E22E
Which seems to indicate that a session has been created.
Now, if it has been created, how can I use it? I would like to add my objects to the session object.
-- ******************************************* * Rick Roberts * * Advanced Information Technologies, Inc. * *******************************************
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
