On Wed, Feb 11, 2009 at 4:43 PM, lynckmeister <lync...@gmx.de> wrote: > > Hi Gregor, > > I didnt get it. Your writing a peace of code wich lets me custmize the url > or page wich is called if a sessiontimeout occurs? > Nope.
What the Valve does, ist the following: If a session times out, usually nothing is happening. However, when requesting some content of the protected site *after* the session times out, Tomcat usually does the following: - store the original request - call the defined-login-screen via j_security - if authentication is ok, procede to the url contained in the original request It's obvious that there are some scenarios where this behaviour is causing problems, i.e. url-selections via a javascript-menue, framed sites etc. However, when using the valve, you can specify the url to which should be forwarded *after* positive authentication, i.e. "index.html". Therefore, I figure that such a valve might be a perfect solution for your problem. Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
