-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gregor,
Gregor Schneider wrote: > However, if you have a webapp working with frames, this scenario does not > work. > > Imagine a webpage having this structure: [snip] > Now if the session times out, the user clicks on the menue, the url > requested is the source of the IFrame. This shouldn't be the case: the URL requested should be the URL of the link that was clicked. Am I just interpreting "the source of the iframe" incorrectly? > After being authorized by j_security_check, it's forwared to said url > with the consequences, that the menue (in this example) is missing, > also all the other html "wrapped around" the IFrame. This scanario should work: the URL being used is the one that should provide the content for that frame. The only uglinesses that occurs are: 1. If you follow a link in a frame, your login page needs to be in-frame friendly. 2. If you reload the entire page, your login page needs to be out-of-frame friendly. The process should still work, it just might require some customization. > My preferred solution would be that after performing j_security_check > always was to forward to "/index.html": You can't do this using Tomcat's built-in authorization. Securityfilter's cvs repo (i.e. not a release build) has this feature, though. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkk1S2wACgkQ9CaO5/Lv0PBkYwCfTaAmWVnJM6ALgN3WJEUynYCi 6EkAoJw1iX7bQVabnxTRkEO7SzWCmakl =eYqz -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]