Hi there, we're running some websites which are heavily framed (unfortunately) using IFrames.
Authorization is done via FormBased Auth using Tomcat's built-in j_security_check-method. However, this is giving us some headaches when an application times out. As you may know, j_security_check operates in the following way: Pre-Condition: Authorization for web-app has timed out - requested URL is sent to tomcat - Tomcat delegates the request to j_security_check to authorize the request - j_security_check stores the originally URL - j_security_check forwards to a defined form to request userid / password - if authorization is ok, j_security_check will forward to the url which initially was requested. Sounds good so far, hm? However, if you have a webapp working with frames, this scenario does not work. Imagine a webpage having this structure: <html> <body> <some html here chaning the source of the iframe - a menue i.e.> <iframe src="../../../index.htm"> </iframe> <some more html there> </body> </html> Now if the session times out, the user clicks on the menue, the url requested is the source of the IFrame. After being authorized by j_security_check, it's forwared to said url with the consequences, that the menue (in this example) is missing, also all the other html "wrapped around" the IFrame. I know that using frames actually is a no-go in web-design, however, due to budgetary reasons a complete re-design using CSS is not an option. Now my question: Does any of you have a clue how to workaround this problems? My first thought was to generate a JavaScript on top of each page making sure it's called within an IFrame, however, I dislike this. My preferred solution would be that after performing j_security_check always was to forward to "/index.html": I tried to write a servlet that would use chaining and forward to "/index.html", howver, j_security_check simply ignores that and forwards to the url originally requested. Now enlarge your personal karma and be so kind to post some suggestions, please ;) Cheers Gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]