On 22/10/2010 05:15, Gabriele Bulfon wrote: > Hello, I'm trying to figure out how to solve a very stupid problem. > I have a solution, but I want to know if there is some other better ways. > I have a webapp configured with jaas security. > The login form page is configured and the security check works perfectly. > But, if a user starts the browser and goes to the login page, then leaves the > browser there > for some reason, when he/she gets back later and try to login, it's like the > login form has expired, > and TomCat fails with the "Invalid direct reference to form login page". > The only way I've seen so far to avoid this, is to have a javascript function > to reload the login form > every n seconds if the user does not enter. > It's as if TomCat creates a session for the login form, and this session > expires. That is exactly what happens.
> How can I avoid this? Right now with Tomcat you can't. 7.0.5 will have a config option that helps. Or look at the security filter project. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
