- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Sun, 18 May 2014 10:30:22 +0200
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: "public-webid@w3.org" <public-webid@w3.org>
Received on Sunday, 18 May 2014 08:30:50 UTC
On 18 May 2014 10:07, Anders Rundgren <anders.rundgren.net@gmail.com> wrote: > On 2014-05-18 09:59, Melvin Carvalho wrote: > > > > I don't disagree but banks do not like the idea that you may be > logged in for > > days without doing anything. It all goes back to the fact that > HTTPS CCA is > > incompatible with established methods for maintaining web sessions. > > > > > > Surely they can just break the session on the server side, then. Like > they do already with cookies? > > No, there is no such function in for example Java Servlets. > > HttpSession.invalidate() only works for cookie or URL-based sessions: > > > http://docs.oracle.com/javaee/5/api/javax/servlet/http/HttpSession.html#invalidate() > Henry is the expert on this, I dont think he used HttpSession.invalidate() see: http://lists.w3.org/Archives/Public/public-xg-webid/2011Oct/0039.html > > Anders > >
Received on Sunday, 18 May 2014 08:30:50 UTC