Bug ID: JDK-7006861 RFE: credential expiration to be a preference one can adjust via Java Control panel

Type: Enhancement
Component: deploy
Sub-Component: plugin
Affected Version: 6u23

Priority: P4
Status: Resolved
Resolution: Won't Fix
OS: windows_xp
CPU: x86

Submitted: 2010-12-14
Updated: 2014-08-04
Resolved: 2014-08-04

Same as bug#6955280 but they have discovered that upon ending one's Windows session,
e.g. rebooting, that the Java Plug-In will re-prompt for credentials -- even after
having been told to remember them.  

It remembers credentials, but not in between Windows sessions.
 And the customers do not seem pleased with the behavior although it is expected behavior.

The main concern is that customer expectation is really that the plug-in 
simply has the same credential cache as the enclosing browser session -- 
even without checking any "remember my password" checkboxes anywhere 
(though they're willing to do this once).

Realize that's not literally how things are going to work -- 
as the plug-in can't always see the browser session's credentials 
cache, but that does not alter the customer's expectation.  

They expect that they've logged into the site via the browser 
and that the plugin should behave as an integral part of the browser session.  
This is actually the way the plug-in works in Firefox on Windows -- 
at least as best I can tell from a user-experience perspective.  
I understand why it does not work this way in Internet Explorer, 
but the user expectation doesn't budge because of that.

Or this credential expiration to be a preference one can adjust via the Java control panel.

EVALUATION The credential is only valid to use for authentication if: 1. it must have a username, password, 2, it must have a current login session id indicating the user has agreed to use it during the current login session. If user reboot window machine and the login session id won't be the same anymore. We are treating it is a invalid authentication information to use.

15-12-2010