For security concerns , any calls to my servlet will go through the security filter , and then be directed to the selected servlet only when its a trusted client , otherwise 401 unauthorized status will be returned.
Now , the client side developers are tired with the process of maintain the session every call, and are annoyed by the unexpected 401 status now and then , so my doubt is :
(1) is it true to maintain a login status using session on server side. if not ,what is the best practice .
(2) how can client side elegantly avoid frequent 401 error.
Aucun commentaire:
Enregistrer un commentaire