authentication and sessions

 
Greenhorn
Posts: 14
I have made up a constrained resource in my web-app. When I enter the URL to this resource for the first time, the login window appears and after successful login the page is rendered in the browser. Now I enter the same URL a second time and the login window doesn't pop up anymore, which is reasonable. (Authentication happens only once.)

But:
How will the container know that the second request is from the same user as the first one? Using session tracking, I first thought. But after disabling cookies in my Firefox browser the behaviour doesn't change!

Anyone have an idea?

 
Creator of Enthuware JWS+ V6
Posts: 3341
Hi Rouven,

And when you start a new Firefox application (not a new tab)? When you open a new tab in Firefox it keeps the session.

Regards,
Frits
 
Ranch Hand
Posts: 317
If cookies are disabled then the container opts for URL rewriting.
 
Greenhorn
Posts: 4
I think the container looks at the "www-authenticate" header to provide security checks...
It keeps some attribute in the session? Because the fact of owning a jsessionid is not to say that the user has access to any resource, right?

Thanks
Rafa
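
To see which mechanism actually carries the user's identity between the two requests discussed in this thread, a diagnostic filter like the following can be mapped to the constrained URL pattern in web.xml. It is an added example, not code from any poster; the class name `IdentityCarrierFilter` is hypothetical and it assumes the `javax.servlet` API.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical diagnostic filter: logs what identifies the caller on each request. */
public class IdentityCarrierFilter implements Filter {
    private FilterConfig config;

    @Override
    public void init(FilterConfig config) { this.config = config; }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            config.getServletContext().log(describe((HttpServletRequest) req));
        }
        chain.doFilter(req, res);
    }

    static String describe(HttpServletRequest r) {
        String authz = r.getHeader("Authorization");
        // Log only the scheme (e.g. "Basic"), never the credential itself.
        String scheme = (authz == null) ? "none" : authz.trim().split("\\s+", 2)[0];
        // Where did the client present a session id: cookie, ;jsessionid= in the URL, or nowhere?
        String sessionVia = r.getRequestedSessionId() == null ? "none"
                : r.isRequestedSessionIdFromCookie() ? "cookie"
                : r.isRequestedSessionIdFromURL() ? "url-rewriting" : "other";
        HttpSession s = r.getSession(false); // do not create a session just to look
        return "uri=" + r.getRequestURI()
                + " authType=" + r.getAuthType()          // BASIC, FORM, ... or null
                + " user=" + r.getRemoteUser()
                + " authorizationHeader=" + scheme
                + " requestedSessionVia=" + sessionVia
                + " sessionIdValid=" + r.isRequestedSessionIdValid()
                + " sessionExists=" + (s != null);
    }

    @Override
    public void destroy() { }
}
```

With HTTP BASIC authentication the browser resends the `Authorization` header on every request, so a log line showing `authorizationHeader=Basic` with `requestedSessionVia=none` means no session tracking is involved. A line showing `requestedSessionVia=url-rewriting` means the session id is travelling in the URL, where it can end up in browser history, proxy logs and Referer headers.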
 