Hi Larry, Thank you for your reply! Yes, I have tried the form authentication. It does redirect to the login page when session expires. Gia
Larry Meadors <[EMAIL PROTECTED]> wrote: If you are using basic authentication, that is out of your control - the browser will resend the authentication with every request. I does not care at all about your session. I think your simplest solution is to switch to form-based authentication. Larry On Thu, 27 Jan 2005 19:58:16 -0800 (PST), Gia Thornton wrote: > Hi, > I am using Tomcat Container managed security: Basic Authentication by adding > the following to web.xml. > > > > The Entire Web Application > /XMLServlet > > > tomcat > > > > BASIC > UserDatabase > > > > An example role defined in "conf/tomcat-users.xml" > > tomcat > > > ----------------------------------------- > I have used a form in my jsp: > > > [input] > [input] > [input] > > > If I click on "Edit" button, the javascript checkLogin will submit the form. > If the user has not logged in, an authentication window will pop up. After > the first-time authentication, the page is directed to the same page > containing the above form. I intentionally set setMaxInactiveInterval to be > like 10 seconds in XMLServlet. When the session expires, I click the "Edit" > button again, now the page directly go to XMLServlet without the > authentication window poped up. > > Does anyone know what causes this? How can I get the authentication window > pop up when the session expires? Thank you for your help. > > > Gia > > > --------------------------------- > Do you Yahoo!? > Yahoo! Search presents - Jib Jab's 'Second Term' > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com