tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gregor Schneider <>
Subject Re: Request not forwarded to login page with security-constraint after session time-out
Date Thu, 26 Feb 2009 14:59:13 GMT

On Thu, Feb 26, 2009 at 12:16 AM, Marcel Stör <> wrote:
> [Problem]
> Upon session time-out the request is not forwarded to the login page (form
> based auth). Nothing happens on the UI. However, forwarding to the login
> page does work during the initially login into the application.

Not sure if I get you right:

Do you expect an *automatic* forwarding to the login-page?

Or are your requesting a protected url *after* session has timed out?

If the latter:

In the Tomcat-access-logs, do you seen any HTTP 40x?



This looks a bit awkward to me (didn't know that this is possible),
but I guess that's not the reason for your problem:

>    <role-name>*</role-name>

PPS: Compliments for the excellent problem-decription!

just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message