• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

authentication and sessions

 
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have made up a constrained resource in my web-app. When I enter the URL to this resource for the first time, the login window appears and after succesful login the page is being rendered in the browser. Now I enter the same URL a second time and the login window doesn't pop up anymore, which is reasonable. (Authentication happens only once).

But:
How will the container know that the second request is from the same user as the first one? Using Session-tracking I first thought. But after disabling cookies in my firefox browser the behaviour doesn't change!

Anyone have an idea?

 
Creator of Enthuware JWS+ V6
Posts: 3411
320
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Rouven,

And when you start a new Firefox application (not a new tab)? When you open a new tab in firefox it keeps the session.

Regards,
Frits
 
Ranch Hand
Posts: 317
Eclipse IDE
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If cookies are disables then the container opts for url rewriting.
 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i think to container look at "www-authenticate" header to provide security checks...
it keeps some attribute in the session? because the fact of owning a jsessionid is not to say that the user has access to any resource, right?

Thanks
Rafa
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic