tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcel Stör <>
Subject Re: Request not forwarded to login page with security-constraint after session time-out
Date Thu, 26 Feb 2009 15:21:11 GMT
Gregor Schneider wrote:
> Marcel,
> On Thu, Feb 26, 2009 at 12:16 AM, Marcel Stör <> wrote:
>> [Problem]
>> Upon session time-out the request is not forwarded to the login page (form
>> based auth). Nothing happens on the UI. However, forwarding to the login
>> page does work during the initially login into the application.
> Not sure if I get you right:
> Do you expect an *automatic* forwarding to the login-page?
> Or are your requesting a protected url *after* session has timed out?

Well, a bit of both ;-) If I request a protected URL (manually clicking link, AJAX request,
etc.) *after* the session has timed out I expect an automatic forwarding to the login page.
As I could see while debugging, the request dispatcher does indeed issue a forward() to the
login page but nothing happens.

> If the latter:
> In the Tomcat-access-logs, do you seen any HTTP 40x?

I need to check.

> PS.:
> This looks a bit awkward to me (didn't know that this is possible),
> but I guess that's not the reason for your problem:
>>    <role-name>*</role-name>

I'm sure either, I saw it in some tutorial. Since I don't have a role table (right, JDBCRealm
complains about that, but whatever...) it basically means that I don't use role based access.

> PPS: Compliments for the excellent problem-decription!

Thanks, after all I need people to help me. So, it's in my own best interest.


Marcel Stör,
Skype: marcelstoer

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message