
HTTP Form Authentication

 
harikumar devandla
Greenhorn
Posts: 10
I read this statement in one of the SCWCD 1.3 study guides

For HTTP Form-based Auth:

1. "It specifies that the server should check for a reserved session cookie and should redirect users who do not have it to a designated login page."

-- What does it mean? Should the form-login-page be in the session?


2. "Any time the server receives a request for a protected resource (using Form Auth), the server checks if the user has already logged in, e.g. server might look for Principal object in HttpSession object. If Principal found, then roles are checked against security constraints."

I don't understand this statement. What happens when the Principal is not authorized?

Thanks
Devandla
 