This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Security and the fly likes Basic Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Basic Authentication" Watch "Basic Authentication" New topic

Basic Authentication

David Pantale
Ranch Hand

Joined: Mar 16, 2010
Posts: 32
I deliberately attempted used an incorrect password for an app running under Tomcat using BASIC authentication. Now I am always being denied access to the web page without being given the chance to login again despite turning the server off and on. Can someone explain this behavior? Was there a security cookie used by Tomcat? If so, is there a time limit on it?

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 41124
It's not the server, it's the browser that remembers what you entered into that dialog. If you restart the browser, then it should ask you once again for the password.

Ping & DNS - my free Android networking tools app
David Pantale
Ranch Hand

Joined: Mar 16, 2010
Posts: 32
Sorry, I failed to mention that I did restart the browser, several times, but I still failed to get another login page. Any other ideas?
I agree. Here's the link:
subject: Basic Authentication
Similar Threads
Session timoeout on JSP
problem on validatinfg role for security of </security-constraint>
assign user name and password programmatically
j_security_check 'next' page?
security problem