On Mon, 2012-07-30 at 14:36 -0600, Mark Thomas wrote:
> On 30/07/2012 21:24, Kris Easter wrote:
> >
> ...
> >
> > If the user sits too long on the login page the session times out, even
> > if their credentials were authenticated successfully, and sends them
> > back to the login page where they must re-enter their credentials. It
> > works this way even if I define a landingPage. Without a landingPage I
> > get the dreaded 408 error.
> >
> > Can anyone enlighten me as to why it's a bad idea if:
> >
> > if (session == null) {
> > session = request.getSessionInternal(false);
> > }
> >
> > is instead:
> >
> > if (session == null) {
> > session = request.getSessionInternal(true);
> > }
>
> Because the session defines where to go after the authentication i.e.
> which page the user requested originally. I suppose we could allow the
> user to transition to the landing page in that case.
>
> Mark
That would be preferable for my use case.
Kris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
