RE: Basic authentication password caching
De: EDV Systembetrieb [mailto:[EMAIL PROTECTED]] Enviado el: lunes 17 de diciembre de 2001 14:33 My problem is, that there seems to be a permanent connection between the browser and the servlet or the logininformation a cached by the browser until the browser is restartet THis question has beat the list, so many times before, the short answer is no, at least with BASIC auth.., you cannot make the browser disregard a previously done auth, wihtout closing it.. And this is a behavior of all browsers, the solution is to use FORM instead of BASIC, and simply invalidate the session, if you try this with basic, next the browser request a protected page, it simply sends the cached auth previously done.. Saludos , Ignacio J. Ortega -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Basic authentication password caching
-Original Message- From: EDV Systembetrieb [mailto:[EMAIL PROTECTED]] Sent: Monday, December 17, 2001 8:33 AM To: [EMAIL PROTECTED] Subject: Basic authentication password caching Hi everybody, I setup Tomcat 3.3 with JDBCRealm and a mysql-database using basic authenticattion. We use a servlet for fileuploading to our server. Before sending the files, the user is prompted for loginname and password. My problem is, that there seems to be a permanent connection between the browser and the servlet or the logininformation a cached by the browser until the browser is restartet But I'd like to force the user to enter his ID and password each time he sends files, no matter if he restarts his browser or not. Any hints?? Besides another question: Is there any documentation about parameters usable in web.xml and apps-XXX.xml and what they mean. This would be very helpfull. The web.xml is docummented by the Servlet spec (version 2.2 for Tomcat 3.3). It may be obtained here: http://java.sun.com/products/servlet/download.html The apps-XXX.xml is documented in the User Guide under the Adding and Customizing Contexts section. The online version may be found at: http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ug.html#context_addcust Cheers, Larry Thanks Sabine -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Basic authentication password caching
On Mon, 17 Dec 2001, EDV Systembetrieb wrote: Date: Mon, 17 Dec 2001 14:32:34 +0100 From: EDV Systembetrieb [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Basic authentication password caching Hi everybody, I setup Tomcat 3.3 with JDBCRealm and a mysql-database using basic authenticattion. We use a servlet for fileuploading to our server. Before sending the files, the user is prompted for loginname and password. My problem is, that there seems to be a permanent connection between the browser and the servlet or the logininformation a cached by the browser until the browser is restartet But I'd like to force the user to enter his ID and password each time he sends files, no matter if he restarts his browser or not. Any hints?? As you noted, it is the *browser* that's caching the username/password, so there is nothing the server can do about it. An alternative would be to use form-based login instead -- invalidating the user's session logs them off. Besides another question: Is there any documentation about parameters usable in web.xml and apps-XXX.xml and what they mean. This would be very helpfull. For web.xml the important document is the Servlet Specification, which you can download from: http://java.sun.com/products/servlet/download.html For apps-XXX.xml you need to ask the 3.3 developers about it -- there's lots of docs about configuring Tomcat 4 :-). Thanks Sabine Craig -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]