Hi guys,

as you may remember, quite a while ago I asked this list if anybody had a hint why we're getting an HTTP 408 error every now & then when logging in to a secured web-app.

Usually, an HTTP 408 occurs when the time for a login is exceeded, which usually can be fixed easily by setting the session-timeout either in conf/web.xml or webapps/your_app/WEB-INF/web.xml to an appropriate value. However, not in our case, we still got that error, worst of all: Sometimes we got it, sometimes not, it was irreproducible.

Meanwhile, we found a working solution for it.

Our server-architecture here is that we have an Apache http 2.0.53 in front serving the static content, AA is done by Tomcat 5.5.17 via mod_auth_cookie_mysql, servlets are also served by Tomcat 5.5.17 via mod_jk, all is served through SSL.

We found out that this error never occurred when the cache (client-side) is deleted first. So, we figured we just had to send some headers like

    Cache-Control: no-cache,no-store,must-revalidate
    Pragma: no-cache

However, it worked for Firefox 1.5, 2 but not for IE in any spice (IE 7 not tested, though). Fact was that IE gives a flying f... on what the headers tell it to do with the cache.

The solution finally was pretty simple: In addition to passing the correct headers, we changed our login screen (in our case static HTML, but should work in any case) in such a way that we passed

    <meta http-equiv="Cache-Control" content="no-store,no-cache,must-revalidate">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Expires" content="-1">

IE then accepts this and does not store / cache the login form, and everything's fine.

Conclusion on our side was that there's a bug in IE with the handling of HTTP headers when it comes to caching, which can be circumvented by issuing the corresponding meta-data in the HTML.
Hope this will help someone in the future when surfing the mailing list archives

Cheers

Greg
--
what's puzzlin' you, is the nature of my game
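
A check for the setup described in the post above, as an added example that is not part of the original message: it audits a login page response for the anti-caching directives in both places the post uses them, the HTTP headers and the HTML meta tags. The function names and the sample response are constructed for illustration.

```python
from html.parser import HTMLParser

# Cache-Control directives the post sends for the login page.
REQUIRED_CACHE_CONTROL = {"no-cache", "no-store", "must-revalidate"}


class _MetaCollector(HTMLParser):
    """Collects <meta http-equiv=...> content values, keyed by lower-cased name."""

    def __init__(self):
        super().__init__()
        self.meta = {}

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if "http-equiv" in a:
            self.meta[a["http-equiv"].strip().lower()] = a.get("content", "")


def _missing(fields):
    """Return the anti-caching settings absent from a name -> value mapping."""
    fields = {k.lower(): v for k, v in fields.items()}
    sent = {d.strip().lower() for d in fields.get("cache-control", "").split(",")}
    missing = sorted(REQUIRED_CACHE_CONTROL - sent)
    if "no-cache" not in fields.get("pragma", "").lower():
        missing.append("pragma")
    return missing


def audit_login_page(headers, body):
    """Report what is missing from the HTTP headers and from the HTML meta tags."""
    collector = _MetaCollector()
    collector.feed(body)
    return {"headers": _missing(headers), "meta": _missing(collector.meta)}


# Constructed sample: headers are set as in the post, the page has no meta tags yet.
SAMPLE_HEADERS = {
    "Cache-Control": "no-cache,no-store,must-revalidate",
    "Pragma": "no-cache",
}
SAMPLE_BODY = "<html><head><title>Login</title></head><body><form></form></body></html>"

if __name__ == "__main__":
    print(audit_login_page(SAMPLE_HEADERS, SAMPLE_BODY))
```

An empty list under both "headers" and "meta" means the login page carries the directives in both places, which is the state the post ends up with.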