Hint: Tomcat, Form-Login and HTTP 408-Error 2006-11-27 - By Gregor Schneider
Hi guys,
as you may remember, quite a while ago I asked this list if anybody had a hint why we're getting an HTTP 408-error every now & then when logging in to a secured web-app.
Usually, an HTTP 408 occurs when the time for a login is exceeded, which usually can be fixed easily by setting the session-timeout either in conf/web.xml or webapps/your_app/WEB-INF/web.xml to an appropriate value.
However, not in our case, we still got that error, worst of all: Sometimes we got it, sometimes not, it was irreproducible.
Meanwhile, we found a working solution for it.
Our server-architecture here is that we have an Apache http 2.0.53 in front serving the static content, AA is done by Tomcat 5.5.17 via mod_auth_cookie_mysql, servlets are also served by Tomcat 5.5.17 via mod_jk, all is served through SSL.
We found out that this error never occurred when the cache (client-side) is deleted first. So, we figured we just had to send some headers like

Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache

However, it worked for Firefox 1.5, 2 but not for IE in any spice (IE 7 not tested, though).
Fact was, that IE gives a flying f... on what the headers tell it what to do with the cache.
The solution finally was pretty simple:
In addition to passing the correct headers we changed our Login-Screen (in our case static HTML, but should work in any case) in such a way that we passed

<meta http-equiv="Cache-Control" content="no-store,no-cache,must-revalidate">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">

IE then accepts this and does not store / cache the login-form, and everything's fine.
Conclusion on our side was that there's a bug in IE with the handling of HTTP-headers when it comes to caching, which can be circumvented by issuing the corresponding meta-data in the HTML.
Hope this will help someone in the future when surfing the mailinglist-archives
Cheers
Greg
--
what's puzzlin' you, is the nature of my game
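A check for the fix described in the post above, as an added example that is not part of the original message: it reads a login-page response and reports which of the post's caching directives are missing from the HTTP headers and from the HTML meta tags. The function names and the sample responses are constructed for illustration.

```python
from html.parser import HTMLParser
# Directives the post sends for the login form (header and <meta> alike).
REQUIRED = {"cache-control": {"no-store", "no-cache", "must-revalidate"},
            "pragma": {"no-cache"}}

class MetaCollector(HTMLParser):
    """Collects <meta http-equiv="..." content="..."> pairs from the HTML."""
    def __init__(self):
        super().__init__()
        self.meta = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and a.get("http-equiv"):
            self.meta[a["http-equiv"].lower()] = a.get("content") or ""

def directives(value):
    return {d.strip().lower() for d in value.split(",") if d.strip()}

def audit_login_response(raw):
    """Return the directives missing from the headers and from the meta tags."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        key = name.strip().lower()
        # Repeated header lines are merged into one comma-separated value.
        headers[key] = ",".join(filter(None, [headers.get(key), value.strip()]))
    collector = MetaCollector()
    collector.feed(body)
    missing = {"header": [], "meta": []}
    for where, found in (("header", headers), ("meta", collector.meta)):
        for name, wanted in REQUIRED.items():
            for d in sorted(wanted - directives(found.get(name, ""))):
                missing[where].append(f"{name}: {d}")
    if "expires" not in collector.meta:  # the post sets Expires only as <meta>
        missing["meta"].append("expires")
    return missing

# Constructed sample responses (not captured from the poster's server).
HEADERS = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
           "Cache-Control: no-cache,no-store,must-revalidate\r\n"
           "Pragma: no-cache\r\n\r\n")
FORM = '<body><form method="post" action="j_security_check"></form></body>'
META = ('<meta http-equiv="Cache-Control" content="no-store,no-cache,must-revalidate">'
        '<meta http-equiv="Pragma" content="no-cache">'
        '<meta http-equiv="Expires" content="-1">')
HEADERS_ONLY = HEADERS + "<html><head></head>" + FORM + "</html>"
HEADERS_AND_META = HEADERS + "<html><head>" + META + "</head>" + FORM + "</html>"
if __name__ == "__main__":
    for sample in (HEADERS_ONLY, HEADERS_AND_META):
        print(audit_login_response(sample))
```

The first sample matches the headers-only state the post describes; the second adds the three meta tags and comes back with nothing missing.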