File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes connection reset problem in form based authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "connection reset problem in form based authentication" Watch "connection reset problem in form based authentication" New topic

connection reset problem in form based authentication

Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

1.session time out set 10 mins
2.user triggered home.jsp which is protected container showup him login.jsp which contains j_security_check action blah,blah..
4.user went for a tea break for 12 mins leaving the login page without enter the credential.
5.user back; enter the username/password and he is getting connection reset error

i think form based authentication is relying on session. i want user should redirect to success.jsp upon successful login?

P.S is there anyway to get j_username/j_password in success.jsp?

any way? I am not able to find a way.
Jaikiran Pai

Joined: Jul 20, 2005
Posts: 10441

This doesn't look like anything to do with session timeout. A session timeout comes into play only after a session has been created. In the case you explain, the session hasn't been created yet. This has more to do with the HTTP authentication process itself where the server challenges the client to pass on the credentials for the requested resource. I am not fully aware of the HTTP RFC but a quick glance suggests that the server can set a specific timeout/timestamp which limits the time within which the client is expected to respond to the authentication challenge. Failing which, the subsequent request containing the credentials, from the client is rejected. I think you might have to take a look at the HTTP RFC or some similar documentation to understand what the default timeouts are and if they are configurable (I won't be surprised if it isn't).

[My Blog] [JavaRanch Journal]
Seetharaman Venkatasamy
Ranch Hand

Joined: Jan 28, 2008
Posts: 5575

Thanks jaikiran,

actually before login there are doing some session stuff - I dont know in detail..down the road need to dig

I found 2 work around,

1. refreshing the page before session time out so that server maintain the same session and connection - simple stuff?.

2. bit complex logic - after session time out when user hit enter retaining there are credential in session then redirect again to login page then onload submit,
if there is values in new session (not tested though)

I always want to apply work around-1 since it is very simple. and I explained(convinced) to my boss(architect) , yes... he said well done

simple refresh tag done the job...
I agree. Here's the link:
subject: connection reset problem in form based authentication
It's not a secret anymore!