When the unauthenticated user first time requests a constrained resource, the Container automatically starts login/authentication process. But once the user is authenticated with this process and the next time when the same authenticated user requests constrained resource, how does Container keeps track of the fact that the user requesting constrained resource is already authenticated?
I am slow but sure
posted 6 years ago
Please look at HttpSession in the javax.servlet.http package
If you are talking about BASIC authentication, then in that case after the user authenticates himself/herself, on any subsequent request to the server, the browser sends an authentication header which contains the username and password in Base64 encoded form. The header looks like this (the long text in the end is the encoded username and password)