tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Watts <...@cliftonfarm.org>
Subject Re: Session expiration - browser -Web application
Date Fri, 04 Nov 2011 14:54:45 GMT
On Fri, 2011-11-04 at 07:16 -0700, Léa Massiot wrote:
> Hello,
> 
> Thank you for reading my post.
> 
> Maybe my question is not purely related to "Tomcat" but here is my problem:
> - a user logs into my Webapp;
> - his session expires;
> - if he:
>       - presses the F5 key (browser refresh functionality),

This creates a new session for the user with _none_ of the objects from
the old session in it (because it expired).

>       - goes back to the previous screen using the browser "go back one
> page" button...
>       all that was stored in the session is lost and the Webapp behaviour is
> uncertain.

"Uncertain" is a bit vague.  This could be a design problem in the app,
e.g. if some objects are simply assuming that the session contains
certain other objects then you should expect unexpected behaviour.  My
guess is the behaviours you see are quite certain, just not well
understood.

>       Instead, I wish I go direct him to the Webapp log in page.

If every page in the web app is supposed to require authentication you
need to declare that in web.xml.  I'm assuming (perhaps incorrectly)
you've already got some declaration in there for form authentication?

> 
> My Webapp "itself" behaves properly.
> My problem occurs only if the user uses browser functionalities or buttons.
> 
> I don't know how to deal with that issue.
> Can you help me?
> 
> Best regards,
> --
> Léa



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message