2 Replies Latest reply on Sep 5, 2008 9:10 AM by Andreas Baumann

    Problem with container security & session timeout

    Chris Dollar Novice

      I'm having issues getting ajax4jsf working well with container-based authentication and session timeouts. I've done as suggested in the dev guide and have overridden A4J.AJAX.onExpired and this works fine to catch the expired session, but only when I don't use container managed authentication. As soon as I enable the security constraint if the session times out and a request happens then the container realizes that the session is invalid and redirects the user to the login page defined in my web.xml. That makes a4j complain about no a4j headers (which is correct since the container redirected to the login page) so a blank page gets rendered.

      Is there any way to handle session timeouts when security constraints are involved? If it makes any difference, I'm running jboss-4.2.1.GA using a DatabaseServerLoginModule for authentication.