Don't send people who log out to a protected page, forcing a login page to appear. Better to offer up a public, non-login page and have people click a link to initiate a new request for a protected page.

--David
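
One way to implement the logout flow suggested above, as an added example that is not code from either poster or from Tomcat. The servlet name, the `/logout` mapping and the `/public/loggedout.html` page are hypothetical; the public page is assumed to sit outside every security constraint and to carry a plain link to a protected URL.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Added example: ends the session and lands the browser on a public page
 * instead of a protected one, so the idle kiosk never shows a login form
 * that is tied to a session which will expire.
 * Assumed mapping in web.xml: /logout (hypothetical, not protected).
 */
public class LogoutServlet extends HttpServlet {

    // Hypothetical public page, outside every <security-constraint>.
    // It contains only a link to a protected URL; following that link
    // starts a new request, and the container then creates a fresh
    // session and presents the login form.
    private static final String PUBLIC_PAGE = "/public/loggedout.html";

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // getSession(false): do not create a session just to destroy it.
        HttpSession session = req.getSession(false);
        if (session != null) {
            // Drops the authenticated principal and all session state.
            session.invalidate();
        }
        // Keep the redirect itself out of browser and proxy caches.
        resp.setHeader("Cache-Control", "no-store");
        resp.setHeader("Pragma", "no-cache");
        // Redirect to the public page, never to a protected resource.
        resp.sendRedirect(req.getContextPath() + PUBLIC_PAGE);
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        doGet(req, resp);
    }
}
```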

Michael Swierczek wrote:

I'm receiving a 408 error, and I do understand why.  I just can't
figure out an end-user friendly way to avoid it.

The application runs on Tomcat 5.0.28 with form-based authentication.
It is accessed by some end users from regular PCs, but most connect
from kiosk web browsers.   When someone initially connects, a new
session is generated, they see the login page, they enter their
credentials, and login is fine.   Then they log out, and the login
page sits with no activity for hours, days, or weeks.   The next user
comes along, enters their credentials, and submits.   The request
reaches the server with an expired session id and a 408 error is
generated.

I've read parts of the 2.4 servlet specification, and I realize this
is the expected behavior.  But obviously this isn't what we want; it
is annoying to end users (even if I hide the 408 error and
transparently redirect back to the login page).

I've never used Ajax, but I imagine it would be possible to
transparently retrieve a new session ID from the server as soon as the
user starts to type a username or password.   Assuming I can do that,
it would solve the problem - but I am almost positive other solutions
to this existed before the advent of Ajax.

I would really appreciate any help, or suggestions as to where to
search for more information.

Thanks,
Mike

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


