Charl Gerber wrote: > Hi everyone, > > Does Tomcat provide default support in some way to implement a 'remember me' > feature for form based authentication? This should not be dependent on a > user's browser remembering the username/password, but by a checkbox you can > check/clear on the logon jsp.
No. Tomcat implements the Servlet Spec, which does not currently include this functionality. > If so, where do I find it? If not, how can I implement it? My guess is that I > store the user credentials in a cookie, but how do I get every jsp/servlet in > my application that requires authentication to automatically retrieve this > and skip authentication? Sounds like a lot of overhead, unless Tomcat can > take care of it. > > Plan B, less desired, could be for the cookie to be read only in the logon > (via javascript) jsp and automatically fill the credentials. So the user only > have to type 'Submit' to logon. Not auto logon, but at least saves some > typing. Pretty much the same as the browser would have done it, except your > app now has control. Plan C: investigate the "SecurityFilter" project, which provides extra functionality including, I think, "remember me". p > Thanks! > > Charl > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
