This content has been marked as final.
Show 1 reply
-
1. Re: Login Module
jwkaltz Nov 12, 2001 12:59 PM (in response to rlynn)Yes, the server does cache the credentials, but this need not be a problem for you : if the user provides the same username & password again, then it's OK right ? If the user provides the same username but a different password, the server would do a login() so you're still safe.
At any case you can't do anything on browser closing (except maybe with JavaScript or some other screwy thing). What you can do, is an explicit "logout" button in your application, and invalidate the http session when this is called. This can also give you a hook to do something with your ejbs (search the forums for HttpSessionBindingListener, there was some discussion on this a while back)