Hi Chris, Thank you for the response!
So the user will be sent to a non-secure page that just says "Session Timed out" and a link that they click to go back to the login page? The link will then be to a url that requires authentication and then the application works as before? Interesting.... I think I was stuck in the details of how to get it to work just using the one login.jsp. Learned a lot about the internals of tomcat doing that =) Fu-Tung --- On Thu, 10/9/08, Christopher Schultz <[EMAIL PROTECTED]> wrote: > From: Christopher Schultz <[EMAIL PROTECTED]> > Subject: Re: Session Timeout and Realm Authentication and Posted Error Message > To: "Tomcat Users List" <users@tomcat.apache.org> > Date: Thursday, October 9, 2008, 9:29 PM > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Fu-Tung, > > Fu-Tung Cheng wrote: > > The way the realm typically works is that you request > a url say > > /hello.jsp, the app detects you need authenticate so > it saves the > > original request and forwards you over to the > login.jsp. You fill in > > the fields, the auth recoignizes you, restores your > original request > > and forwards you to hello.jsp. > > > > Now in my case, the session times out, the client code > detects the > > timeout and posts to /myapp. The problem is that that > auth then > > removes the post parameter but I need that to display > the error > > message. > > I have a similar setup on my own application, and I have > elected to poke > a hole through my authentication for those few URLs > affected. This URLs > are handled by code that will simply respond with a > "session timeout" > error. Then, your client can perform whatever login is > necessary and > then re-attempt the connection to the service URL. > > Hope that helps, > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - > http://enigmail.mozdev.org > > iEYEARECAAYFAkjud6AACgkQ9CaO5/Lv0PCv9gCgiI4ZmYKYi5uiTugFMN13/a4n > D9wAoJhUvgY8Nv8l+Py5HCPAi+kPtxg0 > =kJJT > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
