- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sun, 18 May 2014 10:07:28 +0200
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- CC: "public-webid@w3.org" <public-webid@w3.org>
On 2014-05-18 09:59, Melvin Carvalho wrote: > > I don't disagree but banks do not like the idea that you may be logged in for > days without doing anything. It all goes back to the fact that HTTPS CCA is > incompatible with established methods for maintaining web sessions. > > > Surely they can just break the session on the server side, then. Like they do already with cookies? No, there is no such function in for example Java Servlets. HttpSession.invalidate() only works for cookie or URL-based sessions: http://docs.oracle.com/javaee/5/api/javax/servlet/http/HttpSession.html#invalidate() Anders
Received on Sunday, 18 May 2014 08:08:02 UTC