iainmac wrote:
3. This page is made up of a parent frame and 2 sub-frames.
4. The parent frame (the named page that the redirect is to) does that check
above i.e. tries to get the Username from the session object- This works
successfully. This page begins to load.
5. The first sub-frame begins to lad, tries the same check - in MSIE (and in
Tomcat 5.0.28 other browers too) we are given the same validated session, so
all works fine. In other browsers with 6.0.24 a new session is given, and
so I am again redirected to the logon page! In a loop! Same this happens
with second sub frame.
As a work around I have simply rewritten my pages not to use frames, all
works fine.
I believe that what you indicate above is the core of the issue.
It has nothing to do with Tomcat, it has to do with the logic of what
you are doing, and the way different browsers handle separate windows
(or frames, which are separate windows).
I'll try to give an example :
Suppose that the first document you request from the server is a frame
document, with 2 frames.
The frame document itself is not submitted to authentication by the
server. So it loads in the browser without problems. While loading
this frame document, the browser notices that it is a frame document,
and that there are 2 links in it to load the individual frames. So the
browser creates 2 new windows (the frames) and issues 2 new requests
(one per frame), to fill these windows.
Any or all of these individual frame URLs is set up on the server as
requiring authentication.
So now look at it from the server side.
It receives 2 separate (and almost simultaneous) requests for different
URLs, each one submitted to authentication. The server has no idea that
these requests come from the same browser, and each one is handled
separately, as if they came from 2 different workstations even.
(So basically, each request may be handled by a different thread or
child of the webserver).
At this point, none of these requests contains any authentication
headers, because the browser has not done any authentication yet.
So basically, the server is going to answer each one of them,
individually, by sending the login page.
And so on.
The above may not be exactly what happens in your case.
But I hope it is sufficient to give you an idea of what to look for.
The symptoms are going to vary depending on how each browser exactly
issues the different requests to the webserver (in the same connection
or not e.g.), how it handles windows, frames, tabs, iframes etc.., the
load on your server, how users get to this first page and so on.
In other words, practical recommendation : do not have the first page of
your website be a frame document requiring authentication. This would
create problems with any webserver, not just with Tomcat.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
