Hi Chris, On Tue, Dec 2, 2008 at 3:51 PM, Christopher Schultz <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > >> Now if the session times out, the user clicks on the menue, the url >> requested is the source of the IFrame. > > This shouldn't be the case: the URL requested should be the URL of the > link that was clicked. Am I just interpreting "the source of the iframe" > incorrectly? >
maybe my explanation was a bit missleading: Actually, the linki is called from a JavaScript-menue *sic*. The link looks like this: <a href="whlstt911.htm#912" target="some_inner_frame"><img src="../snbulletopen.gif" border="0" align="absmiddle"> Medizin</a> As you can see, in this menue there's always the target (the inner frame) specified. However, j_security_check takes the original link (in this case: "whlstt911.htm#912") and open this page. However, this page is not displayed within the inner frame but as it's very own page, so that verything "around" the IFrame is lost. > > 1. If you follow a link in a frame, your login page needs to be > in-frame friendly. > 2. If you reload the entire page, your login page needs to be > out-of-frame friendly. > Hm, I got not the slightest idea what you mean by in-frame- / out-frame-friendly - could you shed some light? Cheers Gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]