On Mon, 2012-07-30 at 14:36 -0600, Mark Thomas wrote: > On 30/07/2012 21:24, Kris Easter wrote: > > > ... > > > > If the user sits too long on the login page the session times out, even > > if their credentials were authenticated successfully, and sends them > > back to the login page where they must re-enter their credentials. It > > works this way even if I define a landingPage. Without a landingPage I > > get the dreaded 408 error. > > > > Can anyone enlighten me as to why it's a bad idea if: > > > > if (session == null) { > > session = request.getSessionInternal(false); > > } > > > > is instead: > > > > if (session == null) { > > session = request.getSessionInternal(true); > > } > > Because the session defines where to go after the authentication i.e. > which page the user requested originally. I suppose we could allow the > user to transition to the landing page in that case. > > Mark
That would be preferable for my use case. Kris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org