tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcel Stör <mar...@frightanic.com>
Subject Re: Request not forwarded to login page with security-constraint after session time-out
Date Fri, 27 Feb 2009 07:59:04 GMT
Marcel Stör wrote:
[...]
> 3. Why does it seem to be relevant that the request where 
> auto-forwarding-to-login-after-session-timeout fails is an AJAX request?

That was my last thought last night before I fell asleep...and my first this morning when
I woke up. And then the scales fell from my eyes, it suddenly dawned on me.

As expected what Tomcat does is 100% correct. The key words here are "forward" vs. "redirect".
My application sends an AJAX request to /app/AppServlet, Tomcat requires authentication because
the session had timed out and dutifully *forwards* to the login page. Hence, the result of
the request is not some JSON object as expected by the client in the browser but the login
page HTML structure/page. The client simply isn't prepared for that and freezes.

I'll go fix my application now. Sorry for the disturbance.

Regards,
Marcel

-- 
Marcel Stör, http://www.frightanic.com
Blog: http://frightanic.wordpress.com
Couchsurfing: http://www.couchsurfing.com/people/marcelstoer
Skype: marcelstoer



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message