I have a form on a page that posts directly to j_security_check:
http://www.site.com/index.htm
<form method="post" action="https://secure.site.com/j_security_check">
<input type="text" name="j_username" />
<input type="password" name="j_password" />
</form>
When the POST request is received by secure.site.com, it kicks back a 408
response code and this message:
"The time allowed for the login process has been exceeded. If you wish to
continue you must either click back twice and re-click the link you
requested or close and re-open your browser"
Now I know it's choking because no session has been established. But why
doesn't j_security_check authenticate first and then attempt to set
session/cookies? Does anyone have a FORM based login workaround for this?
Second question, what source module implements j_security_check?