File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Siteminder session timeout - AJAX response issue Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Siteminder session timeout - AJAX response issue" Watch "Siteminder session timeout - AJAX response issue" New topic

Siteminder session timeout - AJAX response issue

Girish Vasmatkar
Ranch Hand

Joined: Apr 24, 2008
Posts: 199
Hi All,

I have an application which is based on JSF framework. The application uses siteminder for security implementation.
Siteminder intercepts the request and if session times out, stores the request, and redirects to login page. After successful authentication, user is redirected to the page where session timed out.

This is working fine except for AJAX requests. If, an AJAX request was fired by JSF, and siteminder intercepted the request and session has already timed out, siteminder stores this request and hence after successful login, throws the user to the AJAX URL and hence the response which is an XML response, is shown on the browser.

So, basically, an XML is shown on the browser which actually is an AJAX response.

Is there any way I can handle this through JSF or some changes in siteminder configuration are needed. I do not have access to the siteminder.

I was searching on Google and found a URL describing the same issue. But the guy did not get any response. I am facing the exact issue.
Girish Vasmatkar
Ranch Hand

Joined: Apr 24, 2008
Posts: 199
Anybody's got any input on this ? I am wondering I am unable to find anything on this on Google, for it should be a pretty common problem (Even if siteminder is not used and custom login implementation is done and user is redirected to the original page using this -)

If a custom implementation is done, I may strip off the query string part and store the request URI, but with siteminder, I don't find anything after Google search.
ozay duman

Joined: Jan 22, 2012
Posts: 2

i have a web application that uses j_security_check for login purpose.
when session of a user time outs it is redirected to last accessed source (such as xml,html page or amf). My aim is to enable to user to redirected to the same resource(page) after login. I solved this problem by makig ajax call when submit button pressed. Here is my solution

ozay duman
Girish Vasmatkar
Ranch Hand

Joined: Apr 24, 2008
Posts: 199
Since, I am working with JSF, I do not have this option. Moreover, every single request is intercepted by siteminder, and after the authentication, the same request is fired by siteminder and hence I see XML being printed on the browser (if it was an AJAX request initiated by a4j component).
I agree. Here's the link:
subject: Siteminder session timeout - AJAX response issue
Similar Threads
Siteminder Timeout Overriding Weblogic Timeout
What does IE 8 Cache?
Problem in siteminder logoff
siteminder logout problem
Session Time out problem