tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Re-opening the browser
Date Mon, 11 Aug 2008 14:34:48 GMT
Hash: SHA1


Tokajac wrote:
| But when i submit the (activated) username and password, i got the
| --------------------------------------------------------------------------
| HTTP Status 408 - The time allowed for the login process has been
| If you wish to continue you must either click back twice and re-click the
| link you requested or close and re-open your browser

This is probably because you went directly to the form login page, and
you are using Tomcat's built-in container-managed authentication and

Instead of sending the user directly to the login-page, try sending them
to a protected URL (like /myApp/someProtectedPage). This will cause
Tomcat to display the login page itself (which is actually required),
and then the login should work.

| What's wrong here? Is it something about sessions/cookies? How should i
| solve this?

Technically, the 408 is probably because of the timing of your testing.
If you waited like 1 hour between requests, you'd get a different error
like "unexpected login at this time" or a 404 because j_security_check
isn't a valid URL unless the container is expecting it. It's a bit odd,
but the servlet specification does not allow for "drive-by" logins, and
so Tomcat does not implement them.

| P.S.
| If i open another browser manually after clicking the link, and submit
| activated username and pass -everything is fine.

Hmm. That's a bit odd. You might want to disable cookies in your browser
during testing, because they can confuse things sometimes by linking a
minutes-old session with a "new" login you are attempting.

Try the protected-page trick above and let us know how things go.

- -chris
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message