A question regarding the handling of login to a web/application server (WildFly 9.0.2) after a session timeout.
Scenario:
I have a simple Web Application with a login page using Form-Based Authentication (action: j_security_check) and container managed login.
This works as expected:
- Login works as follows:
  - Invoking the URL localhost:8080/SecurityWeb/ in the browser.
  - Then the login page is shown in the browser.
  - Then logging in to the web application before the session timeout occurs.
  - Then after login I see the expected URL: localhost:8080/SecurityWeb/index.jsp
This does NOT work as expected:
- Login works as follows:
  - Invoking the URL localhost:8080/SecurityWeb/ in the browser.
  - Then the login page is shown in the browser.
  - Waiting until the session timeout occurs.
  - Then logging in to the web application.
  - Then after login I see the NOT expected URL: localhost:8080/SecurityWeb/j_security_check
Question: What has to be done to solve the problem?
snip from web.xml:
<display-name>SecurityWeb</display-name>
<welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>All</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>...</description>
        <role-name>administrator</role-name>
        <role-name>customer</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description>Admin</description>
    <role-name>administrator</role-name>
</security-role>
<security-role>
    <description>Customer</description>
    <role-name>customer</role-name>
</security-role>
<session-config>
    <session-timeout>1</session-timeout>
</session-config>
+-------------------------------------------------+
snip from login.jsp:
<form method="post" ACTION="j_security_check">
    id: <input type="text" name="j_username" /> <br>
    pw: <input type="password" name="j_password" /> <br>
    <input type="submit" name="login" value="Login">
</form>
+-------------------------------------------------+
Farisola