-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pid,
Pid wrote: > I have an app with a page which contains a flash object (displays a nice > graph) that calls a groovy script periodically to get data. > > If the user session times out in between requests for the script then > when it's requested it's the first one after de-auth, so it becomes the > target that is re-established after re-login, (obviously not useful for > users). I have a part of my application served by Cocoon which calls-back the "real" application to get XML data. What I've done is put the XML-generating URLs into an unprotected space. These servlets (Struts actions, actually) do their own (mild) checking to see if the user is authenticated and authorized before returning the data. Otherwise, they return appropriate XML-formatted data that says "no credentials". Here's where things would be different for you and me, because I use securityfilter. I simply show a login page directly from Cocoon, make the action="j_security_check" and set a special "forward_to" URL parameter that tells securityfilter to redirect the user back to the page they originally requested (tricky, eh?). In your case, you could redirect the user to some other page (like a trampoline page), Tomcat would demand credentials in the meantime, and then the trampoline would send the user back to your page with the flash movie. Would that work for you? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklwsooACgkQ9CaO5/Lv0PB1tACgiB5j2sIWXOU+kpMzYAqkOr+V ny4AoJmlQVdeBOM8wtiGh0YFC8030M1F =zKqx -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org