David, Thanks for replying.
In our case the application business logic is not storing critical information in session beans etc. So using the BASIC would be ok. Is it possible to get the same behavior from a FORMS based login, in that it keeps the login credentials and when the client makes a request, tomcat opens a new session? I'm pretty sure the answer is no. Regards, -Dennis Klotz -----Original Message----- From: David Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 08, 2006 6:07 PM To: Tomcat Users List Subject: Re: basic question regarding BASIC and FORMS logins Kind of. With BASIC auth, the session from the server's perspective can still go away. But as the browser caches the credentials, new session creation is automatic. The end user experience depends on the data stored in the session, webapp design, and where they were when they abandon the previous session. --David Klotz Jr, Dennis wrote: >Greetings all, > >I'm trying to get my facts straight, and I'm hoping you will help. > >I am using forms based login right now and when the tomcat session times >out, the user has to login again. No surprise there. > >Now, some of our customers don't like this, so for them - can I use a >BASIC login (with SSL possibly) and their user will always be able to >use the session as long as the browser doesn't go away. This is even if >the tomcat session expires! > >Is that right? > > >Regards, > >-Dennis Klotz > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > -- ======================================= David Smith Network Operations Supervisor Department of Entomology College of Agriculture & Life Sciences Cornell University 2132 Comstock Hall Ithaca, NY 14853 Phone: 607.255.9571 Fax: 607.255.0939 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
