Christopher Schultz wrote:
Tokajac,
Tokajac wrote:
| But when i submit the (activated) username and password, i got the
|
--------------------------------------------------------------------------
| HTTP Status 408 - The time allowed for the login process has been
exceeded.
| If you wish to continue you must either click back twice and re-click the
| link you requested or close and re-open your browser
This is probably because you went directly to the form login page, and
you are using Tomcat's built-in container-managed authentication and
authorization.
Instead of sending the user directly to the login-page, try sending them
to a protected URL (like /myApp/someProtectedPage). This will cause
Tomcat to display the login page itself (which is actually required),
and then the login should work.
| What's wrong here? Is it something about sessions/cookies? How should i
| solve this?
Technically, the 408 is probably because of the timing of your testing.
If you waited like 1 hour between requests, you'd get a different error
like "unexpected login at this time" or a 404 because j_security_check
isn't a valid URL unless the container is expecting it. It's a bit odd,
but the servlet specification does not allow for "drive-by" logins, and
so Tomcat does not implement them.
If you go directly to the login page Tomcat can't tell the difference
between that situation and when you go to a protected page, are redirected
to the login page and then take so long to log in the session times out
(the page you need to be sent back to is stored in the session). The error
message assumes that the session has timed out.
Mark
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
