This week's book giveaway is in the OCPJP forum. We're giving away four copies of OCA/OCP Java SE 7 Programmer I & II Study Guide and have Kathy Sierra & Bert Bates on-line! See this thread for details.
When the unauthenticated user first time requests a constrained resource, the Container automatically starts login/authentication process. But once the user is authenticated with this process and the next time when the same authenticated user requests constrained resource, how does Container keeps track of the fact that the user requesting constrained resource is already authenticated?
If you are talking about BASIC authentication, then in that case after the user authenticates himself/herself, on any subsequent request to the server, the browser sends an authentication header which contains the username and password in Base64 encoded form. The header looks like this (the long text in the end is the encoded username and password)