tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregor Schneider" <>
Subject Re: j_security_check-behaviour - looking for workaround
Date Tue, 02 Dec 2008 16:03:48 GMT
Hi Chris,

On Tue, Dec 2, 2008 at 3:51 PM, Christopher Schultz
<> wrote:
> Hash: SHA1
>> Now if the session times out, the user clicks on the menue, the url
>> requested is the source of the IFrame.
> This shouldn't be the case: the URL requested should be the URL of the
> link that was clicked. Am I just interpreting "the source of the iframe"
> incorrectly?

maybe my explanation was a bit missleading:

Actually, the linki is called from a JavaScript-menue *sic*.

The link looks like this:

<a href="whlstt911.htm#912" target="some_inner_frame"><img
src="../snbulletopen.gif" border="0" align="absmiddle"> Medizin</a>

As you can see, in this menue there's always the target (the inner
frame) specified.

However, j_security_check takes the original link (in this case:
"whlstt911.htm#912") and open this page. However, this page is not
displayed within the inner frame but as it's very own page, so that
verything "around" the IFrame is lost.

> 1. If you follow a link in a frame, your login page needs to be
>   in-frame friendly.
> 2. If you reload the entire page, your login page needs to be
>   out-of-frame friendly.

Hm, I got not the slightest idea what you mean by in-frame- /
out-frame-friendly - could you shed some light?


what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message