Hello everyone,

I've got a security context with protected xhtml-files. The authentification-mode is "FORM_BASED" with the "j_security_check"-action. After logging-out the login-formular (a jsp-page) is displayed, because I'm trying to access the protected-overview page, but after logging-out no session is available. My session-timeout is 120minutes. If a user tries to login after the timeout he must login twice, because at the first time he just gets a new session to access the security-context and the login-formular for this new session. This is how far I understand the mechanism.

Now I want to realize, that a "parking" on the login-page is possible and, even after a session-timeout, only one login is required to access the requested protected xhtml-page. Is there any possibility to temporarily save the login data (entered by the user on the login-page), then check if a session exists and if not create one and automatically retry the login with the previously saved data?

Is there any detailed documentation about the JBoss-Login-Mechanism? I'm searching for some documentation about which JBoss-Classes act together during first request for a protected page, creating a new session into the security-context and the authorization. Unfortunately I found no information at google about this topic.

Sorry for my bad english and thanks in advance for your help

WyattEarp