[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] prevent new session on form login
|
Hello.
This security related feature can be turned off by an configuration parameter.
<Set name="securityHandler">
<New class="org.eclipse.jetty.security.ConstraintSecurityHandler">
.....
<Set name="sessionRenewedOnAuthentication">false</Set>
</New>
</Set>
Regards,
- Tore.
On Apr 16, 2011, at 22:09 , Tore Halset wrote:
> Hello.
>
> I have an application using form based login. For some strange reason we have some non-browser-applications using the same form based login.
>
> After upgrade from jetty 7.1.6 to 7.3.0 authentication still works from a normal web client, but it does not work from all of the non-browser-applications. This problem is caused by jetty 7.3 creating a new session when the user is authenticated. This is easy to fix in the clients we have control over, but some of them we do not have control over.
>
> It looks like this is caused by the fix of
> http://jira.codehaus.org/browse/JETTY-1281
>
> What is the reason for creating a new session on login? Is it possible to turn this feature off?
>
> Regards,
> - Tore.
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-users
>
