tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kris Reid <>
Subject Re: Pipelining Problem after Form Authentication with Firefox and Status Code 408
Date Tue, 05 Jan 2010 19:22:20 GMT

Did you find a solution? I've got the same issue

Derek-52 wrote:
> Hello,
> I have some troubles with firefox and form authentication running on  
> Tomcat 5.0.28.
> It happens as followed:
> User requests restricted Page and is redirected to a LoginServlet  
> which forwards the request to a Login.jsp. Nothing special here.
> Instead of logging in, the user waits, for  as long as the configured  
> session timeout e.g. 5 Minutes.
> After 5 Minutes he try to log in. The session is already expired an  
> Tomcat answers with Status Code 408.
> Status Code 408 should be handled by an error-page configured in the  
> web.xml.
> <error-page>
>    <error-code>408</error-code>
>    <location>Error.jsp</location>
> <error-page>
> With IE7 ore Safari i see ONE Request in my Tomcat Access Logfile,  
> answered with a 408, and then the Error Page is displayed.
> In Firefox 2.0.5 however, not ONE but TEN requests are made. All are  
> answered with 408, but not the Error Page is displayed, but a default  
> file not found status code 404  (j_security_check not found) is  
> displayed.
> If I then configure an error-page for status code 404 it gets even  
> stranger, and after all request were made, firefox displays its  
> standard "The connection was reset" page.
> As far as i understand the problem, firefox with enabled pipelining  
> sends multiple requests after the session expired and tomcat can not  
> handle those requests.
> What i don't understand is, why firefox sends so many requests?
> Can i control this behavior by setting some response headers? I  
> already tried Pragma: no-cache and
> Cache-Control: no-cache,no-store,must-revalidate?
> Or meta-tags in the html of the Login.jsp?
> Another interesting side effect is, that even so the server answer  
> with a 408, the JDBC Realm successfully authenticates the user. And  
> if you click the back button in the Browser you get to the actual  
> requested page without further Logins.
> But i guess, thats another question ....
> Any help is appreciated,
> Derek
> ---------------------------------------------------------------------
> To start a new topic, e-mail:
> To unsubscribe, e-mail:
> For additional commands, e-mail:

----- Kremsoft - Software Development 
View this message in context:
Sent from the Tomcat - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message