Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

connection reset problem in form based authentication

 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1.session time out set 10 mins
2.user triggered home.jsp which is protected
3.now container showup him login.jsp which contains j_security_check action blah,blah..
4.user went for a tea break for 12 mins leaving the login page without enter the credential.
5.user back; enter the username/password and he is getting connection reset error

i think form based authentication is relying on session. i want user should redirect to success.jsp upon successful login?

P.S is there anyway to get j_username/j_password in success.jsp?

any way? I am not able to find a way.
 
Jaikiran Pai
Marshal
Pie
Posts: 10447
227
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This doesn't look like anything to do with session timeout. A session timeout comes into play only after a session has been created. In the case you explain, the session hasn't been created yet. This has more to do with the HTTP authentication process itself where the server challenges the client to pass on the credentials for the requested resource. I am not fully aware of the HTTP RFC but a quick glance suggests that the server can set a specific timeout/timestamp which limits the time within which the client is expected to respond to the authentication challenge. Failing which, the subsequent request containing the credentials, from the client is rejected. I think you might have to take a look at the HTTP RFC or some similar documentation to understand what the default timeouts are and if they are configurable (I won't be surprised if it isn't).
 
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Java Windows XP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks jaikiran,

actually before login there are doing some session stuff - I dont know in detail..down the road need to dig

I found 2 work around,

1. refreshing the page before session time out so that server maintain the same session and connection - simple stuff?.

2. bit complex logic - after session time out when user hit enter retaining there are credential in session then redirect again to login page then onload submit,
if there is values in new session (not tested though)

I always want to apply work around-1 since it is very simple. and I explained(convinced) to my boss(architect) , yes... he said well done

simple refresh tag done the job...
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic