Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] prevent new session on form login

Hello.

This security related feature can be turned off by an configuration parameter.

<Set name="securityHandler">
	<New class="org.eclipse.jetty.security.ConstraintSecurityHandler">
       .....
	<Set name="sessionRenewedOnAuthentication">false</Set>
	</New>
</Set>

Regards,
 - Tore.

On Apr 16, 2011, at 22:09 , Tore Halset wrote:

> Hello.
> 
> I have an application using form based login. For some strange reason we have some non-browser-applications using the same form based login.
> 
> After upgrade from jetty 7.1.6 to 7.3.0 authentication still works from a normal web client, but it does not work from all of the non-browser-applications. This problem is caused by jetty 7.3 creating a new session when the user is authenticated. This is easy to fix in the clients we have control over, but some of them we do not have control over.
> 
> It looks like this is caused by the fix of
> http://jira.codehaus.org/browse/JETTY-1281
> 
> What is the reason for creating a new session on login? Is it possible to turn this feature off?
> 
> Regards,
> - Tore.
> _______________________________________________
> jetty-users mailing list
> jetty-users@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/jetty-users
> 



Back to the top