0 Replies Latest reply on Jan 26, 2007 6:08 PM by khundley1

    j_security_check and session timeout issue

    khundley1
    khundley1 Jan 26, 2007 6:08 PM

      I've seen a lot of postings in regards to j_security_check problems but they all seem to be related to calling the login page directly. I am having an issue related to j_security_check after a session timeout occurs. Any help would be appreciated!
      Environment - jboss 4.0.4 GA, Seam 1.0.1 GA, ebj3, facelets

      A user logs into application then logs out and leaves the browser open. If they log back in after a session timeout the error: HTTP Status 400 - Invalid direct reference to form login page is displayed. However, if the user does a refresh on the browser after a session timeout then logs in - the error doesn't occur. The login form is not directly called anywhere in the application. When a user accesses MainPage and is not logged in they are redirected to the Login.jsp. Code snippets listed below. Any ideas why MainPage is not redirecting to Login.jsp after a session timeout occurs?
      Thanks!

      web.xml snippet
<session-config>
 <session-timeout>60</session-timeout>
</session-config>
<login-config>
 <auth-method>FORM</auth-method>
 <form-login-config>
 <form-login-page>
 /jsp/Login.jsp?failed=false
 </form-login-page>
 <form-error-page>
 /jsp/Login.jsp?failed=true
 </form-error-page>
 </form-login-config>
</login-config>
faces-config.xml snippet
<navigation-rule>
 <navigation-case>
 <from-outcome>login</from-outcome>
 <to-view-id>/jsp/Login.jsp</to-view-id>
 </navigation-case>
 <navigation-case>
 <from-outcome>home</from-outcome>
 <to-view-id>/jsf/document/MainPage.xhtml</to-view-id>
 <redirect />
 </navigation-case>
</navigation-rule>
Login.jsp
<form name="loginForm" action="j_security_check" method="post">
 <tr>
 <th colspan="2"><div class="dragbar">Login</div></th>
 </tr>
 <tr>
 <td class="label">User Name:</td>
 <td><input type="text" id="j_username" name="j_username" tabindex="1"></td>
 </tr>
 <tr>
 <td class="label">Password:</td>
 <td><input type="password" name="j_password" tabindex="3"> <input type="submit" value="Login"></td>
 </tr>
</form>
LogoutAction.java
import javax.annotation.security.PermitAll;
import javax.ejb.Stateless;
import org.jboss.seam.Seam;
import org.jboss.seam.annotations.Name;

@Name("logout")
@Stateless
@PermitAll
public class LogoutAction implements Logout {
 public String logout() {
 try {
 Seam.invalidateSession();
 } catch (Exception e) {}
 return "home";
 }
}


      • 3272 Views
      • Tags: