w*******o
发帖数: 6125 | 1 当session timeout时,跳到timeout.jsp,并提供Click Here to login again
连接返回login.jsp,并能成功登陆。问题是,如果用户click IE的Refresh button,页面
同样返回login.jsp,但此时登陆,仍然返回timeout.jsp,登陆不成功,
不知道有没有人遇到类似情况,是否可以在web.xml什么的设置redirect
的target?(Tomcat 4.1) | f*****g
发帖数: 31 | 2
面
Don't understand you business logic. But you can try to
create a new session in action of login.jsp
session = request.getSession (true);
【在 w*******o 的大作中提到】
: 当session timeout时,跳到timeout.jsp,并提供Click Here to login again
: 连接返回login.jsp,并能成功登陆。问题是,如果用户click IE的Refresh button,页面
: 同样返回login.jsp,但此时登陆,仍然返回timeout.jsp,登陆不成功,
: 不知道有没有人遇到类似情况,是否可以在web.xml什么的设置redirect
: 的target?(Tomcat 4.1)
| w*******o
发帖数: 6125 | 3 The exact case I met:
The problem I have found is that if you have security enabled (via
security-constraint, login-config, security-role etc in web.xml), and have a
short session timeout, any user activity after the timeout expires causes a
redirect back to the auth-method (e.g FORM).Once authentication is successful,
processing then continues where the user left off however any context objects
that were bound to the previous session are lost and the results are
unpredictable. I too would like
【在 f*****g 的大作中提到】
:
: 面
: Don't understand you business logic. But you can try to
: create a new session in action of login.jsp
: session = request.getSession (true);
|
|
