posted 15 years ago
If I configure the web application security with
<session-config>
<session-timeout>120</session-timeout>
</session-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>Page</web-resource-name>
<url-pattern>/jsp/*</url-pattern>
<url-pattern>/servlet/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/failed.jsp</form-error-page>
</form-login-config>
</login-config>
How could I keep the authentication live if client close their browser?
In the login page, I simply use
<form method="POST" action="j_security_check">.
Many thanks.
I find that for fire fox, if only close some tabs, web application would still think the session is active, but as long as the browser closed, the session and cookie would be expired on client side, how could I keep it live?
SCJP 5
SCWCD 1.4
SCDJWS 1.4
SCBCD 5
SCEA 5 (Part 1 cleared)
IBM Certified Solution Developer - WPS 6.1