tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Re-opening the browser
Date Mon, 11 Aug 2008 20:32:55 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark,

Mark Thomas wrote:
| If you go directly to the login page Tomcat can't tell the difference
| between that situation and when you go to a protected page, are
| redirected to the login page and then take so long to log in the session
| times out (the page you need to be sent back to is stored in the
| session). The error message assumes that the session has timed out.

Okay, so the Tomcat response is (expectedly) consistent. Thanks for
stepping-in.

Just out of curiosity, why does Tomcat not support drive-by logins? Is
it merely because the spec leaves the behavior in that case ambiguous
(there's no obvious target page to go to)? Many of securityfilter's
users use it merely because it allows drive-by logins. We're happy to
have them (!), but this seems like a reasonable feature to have in the
core of Tomcat.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkigofcACgkQ9CaO5/Lv0PABBACeJDKRQss25b9pd7l5zbpSHO+2
fdUAn2rZ6uCUfWZ+5CEshnCzamREcXBQ
=GDVs
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message