Sun Java System Web Server 7.0 Developer's Guide to Java Web Applications

Sessions and Security

The Sun Java System Web Server 7.0 security model is based on an authenticated user session. Once a session has been created, the application user is authenticated (if authentication is used) and is logged in to the session.

Additionally, you can specify that a session cookie is passed only over an HTTPS-secured connection, so the session can remain active only on a secure channel.
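One way to check that a deployed application behaves this way is to audit the `Set-Cookie` headers it returns. The script below is an added example, not code from this guide or from the product. It assumes the session cookie uses the servlet default name `JSESSIONID`, and the URLs and cookie values in `SAMPLE_RESPONSES` are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the servlet session cookie.
SESSION_COOKIE = "JSESSIONID"  # servlet default name; assumed not overridden


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_session_cookies(responses):
    """responses: iterable of (url, [Set-Cookie values]); returns (url, issue) pairs."""
    findings = []
    for url, cookies in responses:
        over_https = url.lower().startswith("https://")
        for raw in cookies:
            name, _, attrs = parse_set_cookie(raw)
            if name != SESSION_COOKIE:
                continue  # only the session cookie is in scope here
            if not over_https:
                # The identifier has already crossed an unencrypted channel.
                findings.append((url, "session cookie issued over plain HTTP"))
            elif "secure" not in attrs:
                # The browser may resend this cookie on a later http:// request.
                findings.append((url, "session cookie missing Secure attribute"))
    return findings


# Constructed sample data: (request URL, Set-Cookie values seen in the response).
SAMPLE_RESPONSES = [
    ("https://app.example.test/login", ["JSESSIONID=A1B2C3; Path=/app; Secure"]),
    ("https://app.example.test/cart", ["JSESSIONID=D4E5F6; Path=/app", "theme=dark; Path=/"]),
    ("http://app.example.test/help", ["JSESSIONID=0A0B0C; Path=/app"]),
]

if __name__ == "__main__":
    for url, issue in audit_session_cookies(SAMPLE_RESPONSES):
        print(f"{url}: {issue}")
```
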

For more information about security, see Chapter 8, Securing Web Applications.