tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Re-opening the browser
Date Mon, 11 Aug 2008 19:37:06 GMT
Christopher Schultz wrote:
> Tokajac,
> Tokajac wrote:
> | But when i submit the (activated) username and password, i got the
> | 
> --------------------------------------------------------------------------
> | HTTP Status 408 - The time allowed for the login process has been
> exceeded.
> | If you wish to continue you must either click back twice and re-click the
> | link you requested or close and re-open your browser
> This is probably because you went directly to the form login page, and
> you are using Tomcat's built-in container-managed authentication and
> authorization.
> Instead of sending the user directly to the login-page, try sending them
> to a protected URL (like /myApp/someProtectedPage). This will cause
> Tomcat to display the login page itself (which is actually required),
> and then the login should work.
> | What's wrong here? Is it something about sessions/cookies? How should i
> | solve this?
> Technically, the 408 is probably because of the timing of your testing.
> If you waited like 1 hour between requests, you'd get a different error
> like "unexpected login at this time" or a 404 because j_security_check
> isn't a valid URL unless the container is expecting it. It's a bit odd,
> but the servlet specification does not allow for "drive-by" logins, and
> so Tomcat does not implement them.

If you go directly to the login page Tomcat can't tell the difference 
between that situation and when you go to a protected page, are redirected 
to the login page and then take so long to log in the session times out 
(the page you need to be sent back to is stored in the session). The error 
message assumes that the session has timed out.


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message