2010/8/10 Eli Chernos <e...@treepodia.com>: > Hi all, > > I have migrated a Tom Cat 6.0.14 server running on Windows 2003 server to a > Windows 2008 server running Tom Cat 7.0.0. > Every thing is running great except for when I try to access a restricted > folder(password protected) configured with (POST method). > When I try to access a restricted folder the login page is displayed like it > should and when I enter the correct user name and password I'm forwarded to > the requested page. > > The issue is that once I do this with ie8 or ie7 I receive a: > > HTTP Status 408 - The time allowed for the login process has been exceeded. > If you wish to continue you must either click back twice and re-click the > link you requested or close and re-open your browser > > > and on the address bar the /j_security_check is displayed after the > requested URL. > > I should note that it's definitely not a timeout issue, the setting is > default (30) I believe. > I copied the tomcat-users.xml and web.xml exactly as they where on the old > machine, in addition when I try to access the same page with FireFox or > Chrome or any other browser there is no problem at all > > The only clue I was able to find was in the logs, saying: > > Line 86: INFO: WARNING: Security role name ***** used in an > <auth-constraint> without being defined in a <security-role> > > Any ideas guys? > Any help would be really appreciated as I have no clue what might be the > cause of this . > > -- > Thanks & Regards > Eli C >
No clue as well yet either, though 1. You may try with 7.0.2. See "[VOTE] Release Apache Tomcat 7.0.2" thread on dev@ for a download link. There was a bug with handling of a session cookie (49598) that is already fixed. I think that it can cause such behaviour. 2. The product name is "Tomcat" or "Apache Tomcat". Please spell it properly. http://tomcat.apache.org/legal.html 3. The "HTTP Status 408" page is displayed by Tomcat? Is Tomcat running standalone, or behind another web server? 4. > Line 86: INFO: WARNING: Security role name ***** used in an > <auth-constraint> without being defined in a <security-role> You can fix the mentioned error, don't you? Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
