The case is as follows: The company has a web portal in which Jasper reports are currently generated, for certain reasons it has been decided to use JasperReports Server (8.0.0 community edition) to generate reports, so as not to make an abrupt change between the web portal and JasperReports Server It has been decided to establish a joint work, that is, in the web portal the parameters or input controls of the report will be entered, then this information is sent to Jasper Server to subsequently generate the pdf or excel, the way in which we send the information is through a URL like the following: http://jasperadmin:jasperadmin@localhost:8080/jasperserver/rest_v2/reports/reports/MA032.pdf?AMB=yyyy What we do is build the url dynamically, we successfully bring the report in question with the correct information, we still look for a way to hide the username and password. The problem lies in making the user's session close immediately after the report is executed because the user remains in the session after executing the report, for this we have not found a solution in this regard, so we have thought of 2 alternatives, the first is shorten the time of inactivity of a user on the server, so that, for example, if 2 minutes pass after executing the report, it will be later removed from the server, and the second is to maintain one user per area for an indefinite time, that is, each area in the company will have a username and password, so that the users belonging to each area when generating the reports will use the credentials of their respective area . How good are these solutions?