• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Bear Bibeault
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
  • Tim Cooke
  • Liutauras Vilda
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • fred rosenberger
  • salvin francis
  • Piet Souris
  • Frits Walraven
  • Carey Brown

connection reset problem in form based authentication

Ranch Hand
Posts: 5575
Eclipse IDE Windows XP Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1.session time out set 10 mins
2.user triggered home.jsp which is protected
3.now container showup him login.jsp which contains j_security_check action blah,blah..
4.user went for a tea break for 12 mins leaving the login page without enter the credential.
5.user back; enter the username/password and he is getting connection reset error

i think form based authentication is relying on session. i want user should redirect to success.jsp upon successful login?

P.S is there anyway to get j_username/j_password in success.jsp?

any way? I am not able to find a way.
Posts: 10445
IntelliJ IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This doesn't look like anything to do with session timeout. A session timeout comes into play only after a session has been created. In the case you explain, the session hasn't been created yet. This has more to do with the HTTP authentication process itself where the server challenges the client to pass on the credentials for the requested resource. I am not fully aware of the HTTP RFC but a quick glance suggests that the server can set a specific timeout/timestamp which limits the time within which the client is expected to respond to the authentication challenge. Failing which, the subsequent request containing the credentials, from the client is rejected. I think you might have to take a look at the HTTP RFC or some similar documentation to understand what the default timeouts are and if they are configurable (I won't be surprised if it isn't).
Seetharaman Venkatasamy
Ranch Hand
Posts: 5575
Eclipse IDE Windows XP Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks jaikiran,

actually before login there are doing some session stuff - I dont know in detail..down the road need to dig

I found 2 work around,

1. refreshing the page before session time out so that server maintain the same session and connection - simple stuff?.

2. bit complex logic - after session time out when user hit enter retaining there are credential in session then redirect again to login page then onload submit,
if there is values in new session (not tested though)

I always want to apply work around-1 since it is very simple. and I explained(convinced) to my boss(architect) , yes... he said well done

simple refresh tag done the job...
    Bookmark Topic Watch Topic
  • New Topic