-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 André,
On 9/13/2010 2:21 PM, André Warnier wrote: > As far as I know, the Tomcat (container-managed) authentication is based > on the user session Per the servlet spec, the HttpSession == "user login" for FORM authentication. > and the persistence of a session is linked to the > JSESSIONID cookie which Tomcat sends to the browser; and as far as I > know this JSESSIONID cookie, by default, only lasts for the duration of > a web browser session. > > So, independently of whether Tomcat saves and persists the sessions > across a webapp reload or a Tomcat restart, if the user close and > re-open their browser, their session will be lost, and so will their > authentication. Generally speaking, yes. > If your goal is that users need to login only once during any day, then > you should look at some Single-Sign-On mechanism, external to Tomcat. Or, just change the session expiration time. I think Mohammad is talking about logins surviving a Tomcat restart (which they should be able to do, without any additional configuration from the default). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOdmsACgkQ9CaO5/Lv0PB+3QCeMVV+1Y3tKnKMWLgFBwBki/7T WYAAoIzSo4hu+GuM5ttfgw/EV7qL9J4Z =7FyR -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
