Marcel Stör wrote: [...]
3. Why does it seem to be relevant that the request where auto-forwarding-to-login-after-session-timeout fails is an AJAX request?
That was my last thought last night before I fell asleep...and my first this morning when I woke up. And then the scales fell from my eyes, it suddenly dawned on me. As expected what Tomcat does is 100% correct. The key words here are "forward" vs. "redirect". My application sends an AJAX request to /app/AppServlet, Tomcat requires authentication because the session had timed out and dutifully *forwards* to the login page. Hence, the result of the request is not some JSON object as expected by the client in the browser but the login page HTML structure/page. The client simply isn't prepared for that and freezes. I'll go fix my application now. Sorry for the disturbance. Regards, Marcel -- Marcel Stör, http://www.frightanic.com Blog: http://frightanic.wordpress.com Couchsurfing: http://www.couchsurfing.com/people/marcelstoer Skype: marcelstoer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org