tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Swierczek" <mike.swierc...@gmail.com>
Subject login page behavior and the 2.4 specification
Date Thu, 19 Oct 2006 12:04:48 GMT
I'm receiving a 408 error, and I do understand why.  I just can't
figure out an end-user friendly way to avoid it.

The application runs on Tomcat 5.0.28 with form-based authentication.
It is accessed by some end users from regular PCs, but most connect
from kiosk web browsers.   When someone initially connects, a new
session is generated, they see the login page, they enter their
credentials, and login is fine.   Then they log out, and the login
page sits with no activity for hours, days, or weeks.   The next user
comes along, enters their credentials, and submits.   The request
reaches the server with an expired session id and a 408 error is
generated.

I've read parts of the 2.4 servlet specification, and I realize this
is the expected behavior.  But obviously this isn't what we want, it
is annoying to end users (even if I hide the 408 error and
transparently redirect back to the login page).

I've never used Ajax, but I imagine it would be possible to
transparently retrieve a new session ID from the server as soon as the
user starts to type a username or password.   Assuming I can do that,
it would solve the problem - but I am almost positive other solutions
to this existed before the advent of Ajax.

I would really appreciate any help, or suggestions as to where to
search for more information.

Thanks,
Mike

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message