If you are using basic authentication, that is out of your control - the browser will resend the authentication with every request. I does not care at all about your session.
I think your simplest solution is to switch to form-based authentication. Larry On Thu, 27 Jan 2005 19:58:16 -0800 (PST), Gia Thornton <[EMAIL PROTECTED]> wrote: > Hi, > I am using Tomcat Container managed security: Basic Authentication by > adding the following to web.xml. > > <security-constraint> > <web-resource-collection> > <web-resource-name>The Entire Web Application</web-resource-name> > <url-pattern>/XMLServlet</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>tomcat</role-name> > </auth-constraint> > </security-constraint> > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>UserDatabase</realm-name> > </login-config> > <security-role> > <description> > An example role defined in "conf/tomcat-users.xml" > </description> > <role-name>tomcat</role-name> > </security-role> > > ----------------------------------------- > I have used a form in my jsp: > > <form name="update" method="POST" action="/abc/XMLServlet"> > <input type=button name="save_change" value="Save" > onclick="saveChange(event)"> > <input type=button name="cancel_change" value="Cancel" > onclick="cancelChange(event)"> > <input type=button name="edit" value="Edit" onclick="checkLogin(event)"> > </form> > > If I click on "Edit" button, the javascript checkLogin will submit the form. > If the user has not logged in, an authentication window will pop up. After > the first-time authentication, the page is directed to the same page > containing the above form. I intentionally set setMaxInactiveInterval to be > like 10 seconds in XMLServlet. When the session expires, I click the "Edit" > button again, now the page directly go to XMLServlet without the > authentication window poped up. > > Does anyone know what causes this? How can I get the authentication window > pop up when the session expires? Thank you for your help. > > > Gia > > > --------------------------------- > Do you Yahoo!? > Yahoo! Search presents - Jib Jab's 'Second Term' > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
