• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

authentication and sessions

 
rouven gorsky
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have made up a constrained resource in my web-app. When I enter the URL to this resource for the first time, the login window appears and after succesful login the page is being rendered in the browser. Now I enter the same URL a second time and the login window doesn't pop up anymore, which is reasonable. (Authentication happens only once).

But:
How will the container know that the second request is from the same user as the first one? Using Session-tracking I first thought. But after disabling cookies in my firefox browser the behaviour doesn't change!

Anyone have an idea?

 
Frits Walraven
Creator of Enthuware JWS+ V6
Saloon Keeper
Pie
Posts: 2531
112
Android Chrome Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Rouven,

And when you start a new Firefox application (not a new tab)? When you open a new tab in firefox it keeps the session.

Regards,
Frits
 
Harpreet Singh janda
Ranch Hand
Posts: 317
Eclipse IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If cookies are disables then the container opts for url rewriting.
 
Rafael Leandro Santos
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i think to container look at "www-authenticate" header to provide security checks...
it keeps some attribute in the session? because the fact of owning a jsessionid is not to say that the user has access to any resource, right?

Thanks
Rafa
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic