Hello,

I have some trouble with Firefox and form authentication running on Tomcat 5.0.28.
It happens as follows:

The user requests a restricted page and is redirected to a LoginServlet, which forwards the request to a Login.jsp. Nothing special here. Instead of logging in, the user waits for as long as the configured session timeout, e.g. 5 minutes. After 5 minutes he tries to log in. The session has already expired and Tomcat answers with status code 408. Status code 408 should be handled by an error-page configured in the web.xml.
<error-page>
  <error-code>408</error-code>
  <location>Error.jsp</location>
</error-page>

With IE7 or Safari I see ONE request in my Tomcat access log file, answered with a 408, and then the error page is displayed. In Firefox 2.0.5, however, not ONE but TEN requests are made. All are answered with 408, but instead of the error page, a default file-not-found status code 404 (j_security_check not found) is displayed.

If I then configure an error-page for status code 404 it gets even stranger, and after all requests were made, Firefox displays its standard "The connection was reset" page.

As far as I understand the problem, Firefox with pipelining enabled sends multiple requests after the session has expired, and Tomcat cannot handle those requests.

What I don't understand is why Firefox sends so many requests.
Can I control this behavior by setting some response headers? I already tried Pragma: no-cache and
Cache-Control: no-cache,no-store,must-revalidate.
Or meta tags in the HTML of the Login.jsp?

Another interesting side effect is that even though the server answers with a 408, the JDBC Realm successfully authenticates the user. And if you click the back button in the browser, you get to the actual requested page without further logins.
But I guess that's another question ....

Any help is appreciated,

Derek
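
Added example, not part of the original message: a small access-log check that flags clients sending several login POSTs to j_security_check that are all answered with 408 within a short window, which is the pattern described above. It assumes the access log is in common log format (`%h %l %u %t "%r" %s %b`); the `/app` context path, client addresses, timestamps, window and threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common log format: %h %l %u %t "%r" %s %b (assumed access-log pattern).
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample: one client repeats the login POST ten times,
# a second client receives a single 408 and reloads the login page.
SAMPLE_LOG = "\n".join(
    [f'192.0.2.10 - - [12/Sep/2007:10:05:{s:02d} +0200] '
     f'"POST /app/j_security_check HTTP/1.1" 408 1021' for s in range(10)]
    + ['192.0.2.20 - - [12/Sep/2007:10:07:00 +0200] '
       '"POST /app/j_security_check HTTP/1.1" 408 1021',
       '192.0.2.20 - - [12/Sep/2007:10:07:05 +0200] '
       '"GET /app/Login.jsp HTTP/1.1" 200 2310']
)

def find_408_bursts(log_text, window_seconds=5, threshold=3):
    """Map client -> largest number of 408 login POSTs seen in one window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a common-log-format line
        # Ignore ;jsessionid=... and query strings when matching the path.
        path = m["path"].split(";")[0].split("?")[0]
        if (m["method"] == "POST" and m["status"] == "408"
                and path.endswith("/j_security_check")):
            hits[m["host"]].append(
                datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    window = timedelta(seconds=window_seconds)
    bursts = {}
    for host, times in hits.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):  # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[host] = best
    return bursts

if __name__ == "__main__":
    for host, count in find_408_bursts(SAMPLE_LOG).items():
        print(f"{host}: {count} login POSTs answered with 408 in one window")
```

Each flagged request carried the user's credentials, so a burst like this is worth correlating with the realm's authentication records for the same client and time.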
