• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Regarding authenticated sessions.

 
Chinmaya Chowdary
Ranch Hand
Posts: 434
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, I requested a constrained resource, and I used BASIC authentication method. The browser asked username and password. I provided valid ones. The authentication passed, and I got the constrained resource using browser(firefox).

I set setMaxInactiveInterval(100) to my session in jsp(which is a constrained resource), and after 100 seconds the session will be invalidated. Later, I send a request to the constrained resource. At this time the container is not doing authentication, it simply returns the constrained resource(the previous one). Why the container is not doing authentication?

Later I deleted authenticated session's in my firefox. After that, I made a request to constrained resource, at this time the container asks for authentication. Why the container is asking for authentication, after deleting authenticated sessions in firefox? It seems that session object in my jsp and authentication sessions in firefox are different. What are they actually? Is there any method to invalidate authenticated sessions in my jsp? I search through google, search through java documentation not find suitable answer. I noticed that the HttpSession object is different from authentication session. Please explain me or provide any link for this topic. Thankyou.
 
Patel Brijesh
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Chinmaya Chowdary wrote:Hi, I requested a constrained resource, and I used BASIC authentication method. The browser asked username and password. I provided valid ones. The authentication passed, and I got the constrained resource using browser(firefox).

I set setMaxInactiveInterval(100) to my session in jsp(which is a constrained resource), and after 100 seconds the session will be invalidated. Later, I send a request to the constrained resource. At this time the container is not doing authentication, it simply returns the constrained resource(the previous one). Why the container is not doing authentication?

Later I deleted authenticated session's in my firefox. After that, I made a request to constrained resource, at this time the container asks for authentication. Why the container is asking for authentication, after deleting authenticated sessions in firefox? It seems that session object in my jsp and authentication sessions in firefox are different. What are they actually? Is there any method to invalidate authenticated sessions in my jsp? I search through google, search through java documentation not find suitable answer. I noticed that the HttpSession object is different from authentication session. Please explain me or provide any link for this topic. Thankyou.


kindly check cookie maxAge() that comes into picture when session is not alive and set it to min time.

hope this helps..
 
Chinmaya Chowdary
Ranch Hand
Posts: 434
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thankyou.
 
Patel Brijesh
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Chinmaya Chowdary wrote:Thankyou.


your application must be using custom cookie class which set cookie in response ,if yes then set MaxinActivetime to -1 this will cause cookie to expire on window close.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic