Hi,
I've got a struts based app using form based authentication (started out as xpetstore). I have a situation where if I'm on a web form protected by role based security, and the session times out, and then I submit the form, I get to the login page, login, but then the original form data is lost. According to the log data, it's looking for an ActionForm of a different name according to whether the session has timed out or not!!! I thought this stuff was statically configured. When there is no time out, the log looks like this: 2004-03-25 19:40:19,350 INFO [xpetstore.web.filter.SignOnFilter] doFilter() 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] user=bug1b 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] isSignedIn=true 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] uri=/MotoringMemorabilia/updateCustomer.jspa 2004-03-25 19:40:19,350 DEBUG [xpetstore.web.filter.SignOnFilter] _login=/login.jspa 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /updateCustomer.jspa 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Processing a 'POST' for path '/updateCustomer' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'existingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.customer.ExistingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.util.RequestUtils] --> [EMAIL PROTECTED] 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Storing ActionForm bean instance in scope 'request' under attribute key 'existingCustomerForm' 2004-03-25 19:40:19,350 DEBUG [org.apache.struts.action.RequestProcessor] Populating bean properties from this request 2004-03-25 19:40:19,360 DEBUG [org.apache.struts.action.RequestProcessor] Validating input form properties 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] No errors detected, accepting input 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] Looking for Action instance for class xpetstore.web.struts.action.customer.UpdateCustomerAction 2004-03-25 19:40:19,370 DEBUG [org.apache.struts.action.RequestProcessor] Creating new Action instance 2004-03-25 19:40:19,370 INFO [xpetstore.web.struts.action.customer.UpdateCustomerAction] execute() When there is a timeout the log goes like this: 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'newCustomerForm' 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.customer.NewCustomerForm' 2004-03-25 20:10:56,908 DEBUG [org.apache.struts.util.RequestUtils] --> [EMAIL PROTECTED] 2004-03-25 20:10:56,918 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /index.jsp 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /cart.jspa 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /signon.jspa 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /search.jspa 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Looking for ActionForm bean instance in scope 'request' under attribute key 'searchForm' 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Creating new ActionForm instance of type 'xpetstore.web.struts.action.product.SearchForm' 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] --> [EMAIL PROTECTED] 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /index.jsp 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Module name found: default 2004-03-25 20:10:56,928 DEBUG [org.apache.struts.util.RequestUtils] Get module name for path /category.jspa?categoryId=SIGNS The relevant action configuration looks like this: <action path="/updateCustomer" type="xpetstore.web.struts.action.customer.UpdateCustomerAction" name="existingCustomerForm" scope="request" input="/myaccount.jsp" unknown="false" validate="true" > <set-property property="secure" value="true" /> <forward name="success" path="/index.jsp" redirect="false" /> <forward name="error" path="/myaccount.jsp" redirect="false" /> The form that is posted is declared in html like this: <form name="existingCustomerForm" method="post" action="/MotoringMemorabilia/updateCustomer.jspa"> I need to understand the interplay between container (form) based authentication, filters and struts actionservlet. Can anyone shed some light? Thanks Martin --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]