Hi,
It is not CMS. Will take a look at the security filter.
Mohan
-----Original Message-----
From: Max Cooper [mailto:[EMAIL PROTECTED]
Sent: Friday, March 07, 2003 1:30 PM
To: Struts Users Mailing List
Subject: Re: Association between Session object and Cookies/URL
rewriting
> Requirement is this : My login page itself expires even if the user
> doesn't login for the session timeout period. We want to prevent that.
Hmm... I don't think there is much you can do in that case with
container-managed security. If the user fails to login within the session
expiration time, their session will expire. When the user then submits the
login form, it will look like a spontaneous login to the server, which is
not supported with container-managed security, and will cause an error (on
Tomcat at least; WebLogic does something a little different, but I think the
different behaviors just highlight the reason why depending on this setup is
risky).
The SecurityFilter project supports this kind of operation to some extent.
The session will still expire, so the server will not be able to take the
user directly to the protected page that caused the login form to appear.
But SecurityFilter supports the configuration of a 'default page' to send
the user to if they login without an active session, or simply submit a
login form without being sent there by the filter.
http://securityfilter.sourceforge.net/
-Max
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
