This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
1.session time out set 10 mins
2.user triggered home.jsp which is protected
3.now container showup him login.jsp which contains j_security_check action blah,blah..
4.user went for a tea break for 12 mins leaving the login page without enter the credential.
5.user back; enter the username/password and he is getting connection reset error
i think form based authentication is relying on session. i want user should redirect to success.jsp upon successful login?
P.S is there anyway to get j_username/j_password in success.jsp?
This doesn't look like anything to do with session timeout. A session timeout comes into play only after a session has been created. In the case you explain, the session hasn't been created yet. This has more to do with the HTTP authentication process itself where the server challenges the client to pass on the credentials for the requested resource. I am not fully aware of the HTTP RFC but a quick glance suggests that the server can set a specific timeout/timestamp which limits the time within which the client is expected to respond to the authentication challenge. Failing which, the subsequent request containing the credentials, from the client is rejected. I think you might have to take a look at the HTTP RFC or some similar documentation to understand what the default timeouts are and if they are configurable (I won't be surprised if it isn't).
actually before login there are doing some session stuff - I dont know in detail..down the road need to dig
I found 2 work around,
1. refreshing the page before session time out so that server maintain the same session and connection - simple stuff?.
2. bit complex logic - after session time out when user hit enter retaining there are credential in session then redirect again to login page then onload submit,
if there is values in new session (not tested though)
I always want to apply work around-1 since it is very simple. and I explained(convinced) to my boss(architect) , yes... he said well done