Theres stated that in container-based security model web browser tracks the logins – is that correct?
As far as I know in container-based security one have the oportunity to define realms/principals and users belongig to these principals. Also in configuration file of your web application you can define restrictions which part of your application can used by particular principal. When you try to access this restricted area of application container will ask for authentication, upon sending right credentials (checked by container according to defined rules in configuration files) it will create SESSION with these credentials. Since your browser is connected with this SESSION (residing on server) through cookies or URLrewriting every following try to access restricted area will be successfull since container looking at user’s session knows that this user (browser) has been already authenticated.
Related Questions
- Defending against Web 2.0 and Browser Hacks & Attacks Can SaaS Web Security Deliver Higher Protection & Lower Cost?
- Theres stated that in container-based security model web browser tracks the logins - is that correct?
- Security seems no function when I open a password-protected share through web browser?
