RE: [flexcoders] RE: Session Timeout Problem

[Carson Hager]

That's the kicker with Form auth in J2EE.  The problem is when the session times out and another request is made from a remoteobject, httpservice, etc., the server returns the form auth HTML to the calling object which of course makes it choke.  What we typically do is implement SSO across web apps on the server and have one web app with the swf, html, login page etc. locked down under form auth but then house all web services in a separate web app which uses basic auth. Because it uses basic auth, if the server does not reauth automatically, it returns a valid http 401 rather than a bunch of html with an accompanying 200. The Flash Player can deal with the 401 and you can catch this exception and deal with it yourself to then redirect the page to a secure resource which then causes your form auth to come up again.     Carson   ____________________________________________   Carson Hager Cynergy Systems, Inc. http://www.cynergysystems.com   Email:  [EMAIL PROTECTED] Office:  866-CYNERGY Mobile: 1.703.489.6466     From: flexcoders@yahoogroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Dave Kuncl Sent: Thursday, June 15, 2006 4:31 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] RE: Session Timeout Problem Here is more information if it helps anyone diagnose my problem…. In this application we are using form based authentication and have written a custom security registry for websphere.  We are logging in using a jsp form, and posting to j_security_check. Does this work or do I need to create a custom login form in MXML and run a login command for webshpere? From: flexcoders@yahoogroups.com [mailto:flexcoders@yahoogroups.com] On Behalf Of Dave Kuncl Sent: Thursday, June 15, 2006 12:05 PM To: flexcoders@yahoogroups.com Subject: [flexcoders] Session Timeout Problem We have a flex 1.5 application running on Websphere 5.1 and are using a custom registry for security. The problem that we are having is when the session times out, the flex application hangs when you make a call through the gateway to the server.  For some reason, the application doesn’t know that the session has timed out.  We never get a 401 error or any other error from the gateway. If you refresh the browser, the browser redirects you to the login screen, so the browser is getting the 401 error. Is there something I need to do when configuring the security on the flex side to handle a HTTP 401 error? __._,_.___ -- Flexcoders Mailing List FAQ: http://groups.yahoo.com/group/flexcoders/files/flexcodersFAQ.txt Search Archives: http://www.mail-archive.com/flexcoders%40yahoogroups.com SPONSORED LINKS Web site design development Computer software development Software design and development Macromedia flex Software development best practice YAHOO! GROUPS LINKS  Visit your group "flexcoders" on the web.    To unsubscribe from this group, send an email to:  [EMAIL PROTECTED]    Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. __,_._,___