tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Derek <de...@ludenkalle.de>
Subject Pipelining Problem after Form Authentication with Firefox and Status Code 408
Date Thu, 09 Aug 2007 05:07:39 GMT
Hello,

I have some troubles with firefox and form authentication running on  
Tomcat 5.0.28.
It happens as followed:

User requests restricted Page and is redirected to a LoginServlet  
which forwards the request to a Login.jsp. Nothing special here.
Instead of logging in, the user waits, for  as long as the configured  
session timeout e.g. 5 Minutes.
After 5 Minutes he try to log in. The session is already expired an  
Tomcat answers with Status Code 408.
Status Code 408 should be handled by an error-page configured in the  
web.xml.
<error-page>
   <error-code>408</error-code>
   <location>Error.jsp</location>
<error-page>

With IE7 ore Safari i see ONE Request in my Tomcat Access Logfile,  
answered with a 408, and then the Error Page is displayed.
In Firefox 2.0.5 however, not ONE but TEN requests are made. All are  
answered with 408, but not the Error Page is displayed, but a default  
file not found status code 404  (j_security_check not found) is  
displayed.

If I then configure an error-page for status code 404 it gets even  
stranger, and after all request were made, firefox displays its  
standard "The connection was reset" page.

As far as i understand the problem, firefox with enabled pipelining  
sends multiple requests after the session expired and tomcat can not  
handle those requests.

What i don't understand is, why firefox sends so many requests?
Can i control this behavior by setting some response headers? I  
already tried Pragma: no-cache and
Cache-Control: no-cache,no-store,must-revalidate?
Or meta-tags in the html of the Login.jsp?

Another interesting side effect is, that even so the server answer  
with a 408, the JDBC Realm successfully authenticates the user. And  
if you click the back button in the Browser you get to the actual  
requested page without further Logins.
But i guess, thats another question ....

Any help is appreciated,

Derek


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message