Well I've just simplified by login form - plain html - no struts stuff going on.
I've also simplified the filter so detects a fresh logon and starts a session accordingly - no longer any redirecting to LoginAction.
However the critical behaviour is still the same - existingCustomerForm - the one I need to survive the login process still ends up getting trashed.
I'm wondering if I have to make every form (that might span a session timeout) part of the login page so that it stays alive - this sounds like a ridiculous solution. Has anyone else got a solution?
It may be a little ridiculous, but if the security implementation doesn't pass along form data when it forwards to the intended destination, then there's not much you can do about it.
I'm assuming that the container is intercepting before Struts ever gets a chance to create an ActionForm based on the submission, so I don't think that making them session scoped is likely to help.
This probably doesn't constitute a solution, but perhaps extending the session timeout would help a bit. Perhaps you could come up with some kind of javascript hack which calls a URL against the struts app periodically to keep the session alive?
Joe
--
Joe Germuska [EMAIL PROTECTED] http://blog.germuska.com "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining."
-- Jef Raskin
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
