Sun Java System Web Server 7.0 Update 4 Developer's Guide to Java Web Applications

Sessions and Security

The Web Server security model is based on an authenticated user session. Once a session has been created, the application user is authenticated (if authentication is used) and is logged in to the session.

Additionally, you can specify that a session cookie is passed only over an HTTPS-secured connection, so the session can remain active only on a secure channel.
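One way to verify that the HTTPS-only setting is in effect is to audit the Set-Cookie headers the application returns. The following is an added example, not code from this guide: it assumes the servlet default session cookie name JSESSIONID, and the URLs and header values are constructed sample data.

```python
# Added example: flag session cookies that could travel over plain HTTP.
SESSION_COOKIE = "JSESSIONID"  # servlet default name; change if the app renames it


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attrs); attribute names lower-cased."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_session_cookies(responses, cookie_name=SESSION_COOKIE):
    """responses: iterable of (url, [Set-Cookie values]). Returns (url, issue) pairs."""
    findings = []
    for url, set_cookie_values in responses:
        for raw in set_cookie_values:
            name, attrs = parse_set_cookie(raw)
            if name != cookie_name:
                continue  # only the session cookie is in scope
            if "secure" not in attrs:
                # Browser will also send this cookie on http:// requests.
                findings.append((url, "no Secure attribute"))
            if not url.lower().startswith("https://"):
                # The session ID was already exposed when it was issued.
                findings.append((url, "set over plain HTTP"))
    return findings


# Constructed sample: (request URL, Set-Cookie header values in the response)
SAMPLE = [
    ("https://app.example.test/login", ["JSESSIONID=AAA111; Path=/app; Secure; HttpOnly"]),
    ("https://app.example.test/cart", ["JSESSIONID=BBB222; Path=/app", "theme=dark; Path=/"]),
    ("http://app.example.test/help", ["JSESSIONID=CCC333; Path=/app; secure"]),
]

if __name__ == "__main__":
    for url, issue in audit_session_cookies(SAMPLE):
        print(f"{url}: {issue}")
```

An empty result for every response that sets the session cookie indicates that the cookie is restricted to the secure channel.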

For more information about security, see Chapter 8, Securing Web Applications.