Hello experts.

We are using FormAuthenticator and face the following issue:

1) Session persistence is disabled
2) User is on login page
3) Restart Tomcat
4) User tries authentication

He receives error 400 or 408.

While digging deeper we discovered that in this case Tomcat validates
the session id and, if it's old/invalid, prevents logging in even though
valid credentials are passed.

We tried the landingPage solution - it looks better than error 400/408 but
anyway it forces the user to enter credentials twice (or we don't know how
to pass credentials to landingPage implicitly).

We think that an improvement of the user experience would be:

FormAuthenticator: 255
        if (session == null) {
            session = request.getSessionInternal(false);
        }

==>
        if (session == null) {
            session = request.getSessionInternal(true);
        }

So if the session is invalid or missing - simply create it.

Does this idea make sense?
Can we achieve the goal of not forcing the user to enter credentials twice
without changes in Tomcat?

Thanks in advance!
