This content has been marked as final.
Show 2 replies
-
1. Re: Why avoid HTTP Authentication?
modoc Jun 4, 2007 8:07 PM (in response to awhitford)The lack of logoff ability (short of closing the browser) is one issue. You also have to pass the auth headers with each request, instead of having auth linked to a session (is this true with jboss? I don't know for sure.)
And for customer/user facing applications, having a login form integrated within your design is usually preferable.
Those are my thoughts at any rate... -
2. Re: Why avoid HTTP Authentication?
hstang Jun 4, 2007 8:18 PM (in response to awhitford)Here's a resource on this topic.
http://pdf.moreservlets.com/More-Servlets-and-JSP-Chapter-07.pdf