stevearmstrong-dev commented on code in PR #924: URL: https://github.com/apache/tomcat/pull/924#discussion_r2559869535
########## webapps/host-manager/WEB-INF/web.xml: ########## @@ -112,8 +112,12 @@ <!-- Define the Login Configuration for this Application --> <login-config> - <auth-method>BASIC</auth-method> + <auth-method>FORM</auth-method> Review Comment: I was exploring form based auth instead of basic because with basic auth I was not able to implement a true login functionality and was limited to just invalidating the session, which allowed anyone to log back in instead of being prompted to login since their earlier logged credentials were stored in cache. I will be researching a way to see if we can do it within the same basic auth method although my initial attempts at this were unsuccessful. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
