About FORM based authentication

 
Ranch Hand
Posts: 2066
In the HFSJ book, it's mentioned as,

Note: If you're using Form-based authentication, be sure to turn on SSL or session tracking, or your Container might not recognize the login form when it's returned.



Why do we have to use SSL for this? I know session tracking is needed to track the user who asked for the restricted resource. But how do we use SSL for session tracking? SSL is used for secure transmission. For session tracking?

Thanks...
 
Ranch Hand
Posts: 163
SSL by itself can be used for session tracking and secure transmission. Go to the specs and read the ways by which the Container can perform session tracking.
 
Creator of Enthuware JWS+ V6
Posts: 3326
Hi Abimaran,

Note: If you're using Form-based authentication, be sure to turn on SSL or session tracking, or your Container might not recognize the login form when it's returned.

It is written in a rather difficult way, but read it like this:

If the container doesn't track sessions, the users can be asked to authenticate every time they request a URL which has a security-constraint (which is quite annoying).

SSL is used for secure transport, but it also comes with an extra feature of session tracking.

SRV.7.1.2 SSL Sessions
Secure Sockets Layer, the encryption technology used in the HTTPS protocol, has a
built-in mechanism allowing multiple requests from a client to be unambiguously
identified as being part of a session. A servlet container can easily use this data to
define a session.


Regards,
Frits

 