This week's book giveaway is in the OCAJP forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide 1Z0-808 and have Jeanne Boyarsky & Scott Selikoff on-line! See this thread for details.
i am working on this.i recommand you to try to implement it. you may get something (now i am facing some problem in form based authentication ,some time its working but some time it is giving problem.. i think due to session )
and i think to understand the login information data ,container is using session...
correct me if i am wrong
Joined: Jul 14, 2008
Hi seetharaman venkatasamy,
Thanks for the response
I'm not preparing by writing programes, as I don't have computer at home and in office not possible due to hectic work. So will try but not sure I can because I need to setup env all, install tomcat etc.
I have worked on servletes and JSP's in my previous project so now I am only studying book not practicing ....
Please share your knowledge once you done. [ August 05, 2008: Message edited by: Chintu sirivennela ]
Originally posted by Chintu sirivennela: what is the relation among form based authentication and SSL or session tracking
The key point is that there is no relationship. That's why -if there is neither SSL nor session tracking- the login will not work, or rather, the server will not recognize on the next request that it's from a client that has just logged in.
Paul -welcome to JavaRanch, by the way- is pretty close. Session tracking -either via cookies or via URL rewriting- is one way for the server to correlate requests as coming from the same client. So it can remember that that client has logged in before.
SSL works differently -no HTTP session is involved-, but it, too, allows the server to correlate client requests, thus enabling it to remember which clients have logged in.
Without either in place, the login will work once, but when the next request from the same client reaches the server, it will have forgotten all about the login.
Note that this is different from basic authentication, where the username and password are sent by the browser with every single request, not just the first one. [ August 05, 2008: Message edited by: Ulf Dittmer ]
Joined: Jul 14, 2008
Thanks a ton Ulf Dittmer. Your explanation is very much imppressive, Thanks a lot once again.