Application Server 3 4 5 and 6 / JBAS-6175

Form-based WAR authentication - redirect fails second time round.

    Description

      When using standard J2EE authentication of a WAR file, redirects fail to return the correct page.

      Authentication proceeds as follows:
      1. Request / -> server responds with login page.
      2. Login ok -> server authenticates and sends 302 redirect
      3. Follow redirect -> server responds with 'real' page.
      4. Do some work...
      5. Invalidate session to logout; send browser to / with JavaScript using window.location()
      6. Request / -> server responds with login page.
      7. Login ok -> server authenticates and sends 302 redirect
      8. Follow redirect -> server responds with 304 -> browser renders last seen version of URL: login page.

      The result of step 8 should be to display the 'real' page.
      Refreshing the page (Ctrl-R) loads the 'real' page fine, confirming authentication worked ok and that the browser is incorrectly using a cached copy.
      The same behaviour is also seen in Google Chrome, although Internet Explorer works as expected.

      Possible cause?
      -----------------------
      I'm wondering if Tomcat is getting confused with the If-Modified-Since or If-None-Match values on the requests? The requests made in steps 3 & 8 are identical (all headers the same).

          People

            anil.saldhana Anil Saldanha (Inactive)
            johk_jira johnstok - (Inactive)