This is a guess as you haven't given information on what was happening before the timeout.

I imagine you are in a protected area moving from page to page and your session times out. You try to go to the next page which is protected. You need to log in first, try to go to that page and then get redirected to the timeout page? Just a hypothesis.

When you need to do complex things with authentications and sessions, you sometimes have to resort to doing things your own way. By this, I mean that you have to abandon form-based authentication, or other automatic authentication and employ your own framework.

We have done this with our applications to achieve custom logons, and redirections to various pages indicating to the user what has happened. It means that for every page, you need to check for valid sessions and redirect accordingly. But you have fine-grained control over incorrect password entries, session-timeouts and you also have control over session recovery. So you have to weigh up the coding cost over the control.

I'm getting similar strange behaviour which I believe is associated with session timeout.

Is there any progress in this area? I can't believe this isn't handled properly.

I need to do some more research, but if anyone as some light to put on this....

I'm using JBoss 3.2.3 and with Tomcat4.1 bundle (Coyote connector).

Martin

Further investigation revealed a bug in my code :-)

Inspite of my bug fix, I am left with the scenario outlined by dutchman_mn in his second post in this thread.

Anyone?

Thanks
Martin

Hmm... HttpSessionListener looks interesting...