tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Kuhn" <>
Subject custom errors / j_security_check problems...
Date Thu, 01 May 2003 22:26:16 GMT
Hello all.

I'm currently developing a webapp on tomcat 4.1.18 that required short 
session timeouts and form-based authentication.

My problem is that when a user first requests a protected page, tomcat 
stores the requested url in a new session and responds with my form-based 
login page.  If the user doesn't submit the login form to j_security_check 
before the new session expires, tomcat responds with an error message saying 
they shouldn't request the login page directly.  This happens (I think) 
because tomcat has forgotten the requested url because the session expired.

I'd like to either provide custom error message that makes more sense, or 
store the requested url somewhere else (url or hidden field) that won't get 
lost.  Can anyone suggest a way to do this?


Brian Kuhn

Help STOP SPAM with the new MSN 8 and get 2 months FREE*

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message