Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes Tomcat and the fly likes Internet Explorer - HTTP Status 408 - The time allowed for the login process has been exceeded Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Internet Explorer - HTTP Status 408 - The time allowed for the login process has been exceeded" Watch "Internet Explorer - HTTP Status 408 - The time allowed for the login process has been exceeded" New topic
Author

Internet Explorer - HTTP Status 408 - The time allowed for the login process has been exceeded

Krem Reid
Greenhorn

Joined: Sep 07, 2009
Posts: 28
This is bugging me to no end!

I have a tomcat hosted web app using realm security
Firefox works prefect but when I log in with IE I get the below error.

HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser


Nothing I've found on the net seems to be a browser specific problem.

Any ideas where to look?

Cheers

Kris



Backlink Service - High PageRank Backlinks to have you flying up through the SERP
Travis Hein
Ranch Hand

Joined: Jun 06, 2006
Posts: 161
<notHelpfulInternetExploerHaterGuyThinking>

So ? Don't use internet explorer, and don't develop applications for things where internet explorer must be used

</notHelpfulInternetExploerHaterGuyThinking>


But objectively, sometimes a login sequence would be
- a GET request from the browser to display the login page
- user enters login information
- a POST request to submit the login form
- server validates the information and replies with a redirect response

such as to clear the POST state, the redirect might go to the landing page after logging in.

So its possible, there is an internet explorer security setting that is disabling or preventing the redirect after post feature.?

Depending on the realm implementation, it could also be trying to set a cookie and redirect, and the landing page requires the cookie signature to be present, if again a security setting in internet explorer is preventing the cookie from sticking properly, the server would likely loop to prevent access un less cookie is present, but session is logged in so set cookie and redirect, and this repeats.

i would try to use the 'firebug' plugin for firefox, and the livehttp headers, have a look at what a successful happy login sequence looks like in firefox, to see what is going on, redirects, cookies being sent. then if you are able to install that internet explorer developer toolbar, try to see if you can see what is going on over the wire when using it,.

Error: Keyboard not attached. Press F1 to continue.
Krem Reid
Greenhorn

Joined: Sep 07, 2009
Posts: 28
Would love to just blow IE out of the water! but....

It is a cookie problem doing this

Using Internet Explorer? Click Tools -> Internet Options, then click on the Privacy tab, then the Advanced button.
Check 'Override automatic cookie handling', then make sure first party and third party cookies are set to accept, and check 'Always allow session cookies'.

Solves the problem but I need to find a way around this still

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15960
    
  19

IE8 was a big improvement. But I still don't trust it to do anything more sensitive than publish cat pictures on FLickr. If that.

However, it sounds like the login process on this site is coded to expect certain cookie interactions and doesn't gracefully handle unexpected cookie-handling setups. So the truth of the matter is, it's probably not just an IE problem. In which case, you're probably stuck with having to do it their way or no way.


Customer surveys are for companies who didn't pay proper attention to begin with.
Krem Reid
Greenhorn

Joined: Sep 07, 2009
Posts: 28
I seem to have found a very simple solution

<meta http-equiv="Cache-Control" content="no-store,no-cache,must-revalidate">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">

Thanks to Greg
http://readlist.com/lists/tomcat.apache.org/users/7/35987.html

 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Internet Explorer - HTTP Status 408 - The time allowed for the login process has been exceeded
 
Similar Threads
HTTP Status 408 in Tomcat 5.5.9
How to use j_security_check directly (skip the login page)?
FORM auth-method problem
Redirect to the requested page failed using form-based authentication
Re-opening the browser