2012/5/14 Thomas Rohde <t...@ordix.de>: > Hi! > > I configured the Manager's maxActiveSessions attribute in context.xml. If the > configured value is exceeded an IllegalStateException "createSession: Too > many active sessions" is thrown in ManagerBase class. In our application we > catch this exception around httpServletRequest.getSession(true) and redirect > to an customized error page. Works! > > Now I activated form based authentication via securiy constraint in web.xml. > If I try to open the web application with my browser by sending the first > request, the response is empty (status 200 OK). > > Is there any way to map a static customized error page in this scenario? >
It depends on where ErrorReportValve is in the request processing chain in your situation. There were several changes to that (read: fixes) in different Tomcat 7.0.x versions. You did not wrote which version you do use. If it is reproducible in latest 7.0.27, feel free to create a bug report and attach a simple sample web application + steps to reproduce. It might be that it is already reproducible with the standard example app [1], but I have not tried. [1] http://localhost:8080/examples/jsp/security/protected/index.jsp > If not: Is there any other approach to limit the number of sessions? I think it is possible with a Filter, Valve or with a SessionListener. It should be also be possible with a custom o.a.c.Manager. YMMV. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
