tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcel Stör <>
Subject Re: Request not forwarded to login page with security-constraint after session time-out
Date Fri, 27 Feb 2009 07:59:04 GMT
Marcel Stör wrote:
> 3. Why does it seem to be relevant that the request where 
> auto-forwarding-to-login-after-session-timeout fails is an AJAX request?

That was my last thought last night before I fell asleep...and my first this morning when
I woke up. And then the scales fell from my eyes, it suddenly dawned on me.

As expected what Tomcat does is 100% correct. The key words here are "forward" vs. "redirect".
My application sends an AJAX request to /app/AppServlet, Tomcat requires authentication because
the session had timed out and dutifully *forwards* to the login page. Hence, the result of
the request is not some JSON object as expected by the client in the browser but the login
page HTML structure/page. The client simply isn't prepared for that and freezes.

I'll go fix my application now. Sorry for the disturbance.


Marcel Stör,
Skype: marcelstoer

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message