So what if my login page does NOT create a session and the user browses to the login page and then enters credentials ? In that case there will be no session created when login form is submitted.
As I understand it I must ensure that the login page creates a session Henrik "Mark Thomas" <[EMAIL PROTECTED]> skrev i en meddelelse news:[EMAIL PROTECTED] > hv @ Fashion Content wrote: >> I get: >> >> HTTP Status 408 - The time allowed for the login process has been >> exceeded. If you wish to continue you must either click back twice and >> re-click the link you requested or close and re-open your browser >> >> Will it happen when a JSESSION cookie is on the client, but no longer on >> the server? > > It happens with FORM authentication. The sequence of events is: > - user requests protected page > - server returns login jsp (session is created at this point) > - user does nothing > - session expires (default 30 minutes?) > - user submits login form > - server can't find session associated with login as it has expired > - server returns 408 > > Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]