Sigh... HTTP Status 408 after Login on Tomcat.
Quick little post to share the results of a day's worth of wasted effort. I was creating a tracer bullet prototype of a web application for a customer and was configuring the security using an LDAP server (Apache Directory Server and Apache Directory Studio - a very good combo). Having configured the LDAP server I set up form based security and pointed a browser at the web application. I first tested the failed login and sure enough I got the login error page. I tested the correct login and disaster - I got an HTTP 408 page from Tomcat telling me that the session had expired because I had taken to long to login.I followed all the usual paths, I checked that the LDAP was authenticating correctly, I checked that the browser was handling cookies correctly, I looked at the Tomcat logs for any unexpected exceptions. I did a whole lot more.
Eventually, after building my own version of Tomcat with lots of trace, I found the problem. The Login JSP that I was using had a nasty little taglet that included a session invalidate command. After removing this everything worked correctly.
I must remember that when I reuse code from elsewhere in a project, I should check for any gotchas.
Labels: Technical
posted by Bob Boothby @ 11:56
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home