tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gregor Schneider <rc4...@googlemail.com>
Subject Re: Tomcat Realm Auto-Relogin after Session-Timeout Problem
Date Wed, 11 Feb 2009 16:35:35 GMT
On Wed, Feb 11, 2009 at 4:43 PM, lynckmeister <lyncker@gmx.de> wrote:
>
> Hi Gregor,
>
> I didnt get it. Your writing a peace of code wich lets me custmize the url
> or page wich is called if a sessiontimeout occurs?
>
Nope.

What the Valve does, ist the following:

If a session times out, usually nothing is happening.
However, when requesting some content of the protected site *after*
the session times out, Tomcat usually does the following:

- store the original request
- call the defined-login-screen via j_security
- if authentication is ok, procede to the url contained in the original request

It's obvious that there are some scenarios where this behaviour is
causing problems, i.e. url-selections via a javascript-menue, framed
sites etc.

However, when using the valve, you can specify the url to which should
be forwarded *after* positive authentication, i.e. "index.html".

Therefore, I figure that such a valve might be a perfect solution for
your problem.

Rgds

Gregor
-- 
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message