On 30/07/2012 21:24, Kris Easter wrote:
>
> I'm looking at the org.apache.catalina.authenticator.FormAuthenticator
> class from the 7.0.29 src. This portion of the authenticate method
> starting around line 301 is where I'm having a little problem:
>
>
> if (log.isDebugEnabled()) {
>     log.debug("Authentication of '" + username + "' was successful");
> }
>
> if (session == null) {
>     session = request.getSessionInternal(false);
> }
>
> if (session == null) {
>     if (containerLog.isDebugEnabled()) {
>         containerLog.debug
>             ("User took so long to log on the session expired");
>     }
>
>     if (landingPage == null) {
>         response.sendError(HttpServletResponse.SC_REQUEST_TIMEOUT,
>                 sm.getString("authenticator.sessionExpired"));
>     } else {
>         // Make the authenticator think the user originally requested
>         // the landing page
>         String uri = request.getContextPath() + landingPage;
>         SavedRequest saved = new SavedRequest();
>         saved.setMethod("GET");
>         saved.setRequestURI(uri);
>         request.getSessionInternal(true).setNote(
>                 Constants.FORM_REQUEST_NOTE, saved);
>         response.sendRedirect(response.encodeRedirectURL(uri));
>     }
>     return (false);
> }
>
>
> If the user sits too long on the login page the session times out, even
> if their credentials were authenticated successfully, and sends them
> back to the login page where they must re-enter their credentials. It
> works this way even if I define a landingPage. Without a landingPage I
> get the dreaded 408 error.
>
> Can anyone enlighten me as to why it's a bad idea if:
>
> if (session == null) {
>     session = request.getSessionInternal(false);
> }
>
> is instead:
>
> if (session == null) {
>     session = request.getSessionInternal(true);
> }

Because the session defines where to go after the authentication, i.e.
which page the user requested originally. I suppose we could allow the
user to transition to the landing page in that case.

Mark
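
Added example, not part of the original thread and not Tomcat code: a simplified Java model of the quoted session check, showing the outcome for a live session, an expired session with and without a landingPage, and an expired session under the proposed getSessionInternal(true) change. The class, method names and sample URIs are assumptions for illustration, and a Map stands in for the session.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the quoted session check. Not Tomcat code: the class,
// methods and URIs are hypothetical, and a Map stands in for the session.
public class FormLoginModel {
    // Stand-in for Constants.FORM_REQUEST_NOTE (the saved original request).
    static final String FORM_REQUEST_NOTE = "FORM_REQUEST_NOTE";

    // Models request.getSessionInternal(create): the live session if there is
    // one, otherwise a new empty session when create is true, otherwise null.
    static Map<String, String> getSession(Map<String, String> live, boolean create) {
        if (live != null) {
            return live;
        }
        return create ? new HashMap<String, String>() : null;
    }

    // Outcome of a login POST whose credentials have already been accepted.
    static String afterSuccessfulAuth(Map<String, String> live, String landingPage,
                                      boolean create) {
        Map<String, String> session = getSession(live, create);
        if (session == null) {
            if (landingPage == null) {
                return "408 Request Timeout";
            }
            // Quoted else-branch: redirect, then return false (no login yet).
            return "redirect to " + landingPage + ", credentials must be re-entered";
        }
        String saved = session.get(FORM_REQUEST_NOTE);
        if (saved == null) {
            // A session created at this point never recorded an original request.
            return "authenticated, but no saved request to redirect to";
        }
        return "authenticated, redirect to " + saved;
    }

    public static void main(String[] args) {
        Map<String, String> live = new HashMap<String, String>();
        live.put(FORM_REQUEST_NOTE, "/app/reports"); // constructed sample URI
        System.out.println(afterSuccessfulAuth(live, null, false));         // session still alive
        System.out.println(afterSuccessfulAuth(null, null, false));         // expired, no landingPage
        System.out.println(afterSuccessfulAuth(null, "/index.jsp", false)); // expired, landingPage set
        System.out.println(afterSuccessfulAuth(null, "/index.jsp", true));  // expired, proposed change
    }
}
```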