magro / memcached-session-manager

A Tomcat session manager that backs up sessions in memcached and pulls them from there if asked for unknown sessions
Apache License 2.0

Receive 408 error with forms authentication #212

Open ghost opened 9 years ago

ghost commented 9 years ago

From Groa...@gmail.com on July 18, 2013 22:11:23

What steps will reproduce the problem?
1. Log into app with proper credentials, submit the login form
2. Immediately receive 408 error with "j_security_check" in the url (ex: http://myapp.net/j_security_check)
3. If I delete "j_security_check" from the url in the browser and hit enter, I'm able to access the app.

What is the expected output? What do you see instead?
This is the main text of the error: HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser

What version of the product are you using? On what operating system?
Tomcat 7.0.39
Windows Server 2008 R2 on Azure (the site is running on two VMs, load balanced using Azure load balancing)
memcached-session-manager-1.6.5
memcached-session-manager-tc7-1.6.5
spymemcached-2.8.12

Please provide any additional information below.
Here is my manager setting in the context.xml:

```xml
<Manager className="de.javakaffee.web.msm.MemcachedBackupSessionManager"
         memcachedNodes="n1:xxx1.mydomain.com:11211,n2:xxx2.mydomain.com:11211"
         sticky="false"
         sessionBackupAsync="false"
         requestUriIgnorePattern=".*.(ico|png|gif|jpg|css|js)$"
         transcoderFactoryClass="de.javakaffee.web.msm.JavaSerializationTranscoderFactory" />
```

As stated above, once I get the initial error if I remove "j_security_check" from the url in the browser and hit return, I'm authenticated and the app functions normally. In our attempts to solve the problem, we had put some inline scripting code in the login.jsp file where the login form resides. We also saved the credentials the user enters in cookies (j_user & j_pass).

The inline code was like the following:

```jsp
<%
// Read the credentials previously saved in the j_user / j_pass cookies
String j_username = "";
String j_password = "";
Cookie[] cookies = request.getCookies();
for (int i = 0; i < cookies.length; i++) {
    String cookieName = cookies[i].getName();
    if (cookieName.equalsIgnoreCase("j_user")) {
        j_username = cookies[i].getValue();
    } else if (cookieName.equalsIgnoreCase("j_pass")) {
        j_password = cookies[i].getValue();
    }
}
String redirectURL = response.encodeURL("j_security_check?j_username="
```

Original issue: http://code.google.com/p/memcached-session-manager/issues/detail?id=171

ghost commented 9 years ago

From martin.grotzke on July 18, 2013 16:17:30

Can you provide a simple sample app (e.g. on github) that allows reproducing the issue?

ghost commented 9 years ago

From Groa...@gmail.com on July 19, 2013 12:55:10

I did a little more testing, and here's what I found. I created an extremely basic login.jsp, with nothing but the essentials. Like below:

Login to the Tomcat-Demo application:
Name:
Password:

This worked as expected. Then I started to add back in some of the elements of our original login.jsp, and found that it stopped working when we added back an image that we had shown on the login screen, something like the following:

I know that "png" is part of the requestUriIgnorePattern we are using. When I changed the image name to be mylogo.bmp (bmp is not part of the requestUriIgnorePattern) and referenced that in the login.jsp, it worked as expected. So it seems that items that match that condition cannot be in the login.jsp. Is this expected behavior?

Thanks.
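An added example, not part of the original thread or of the project's code: a small audit of which request URIs the `requestUriIgnorePattern` value posted in the report matches, so the resources referenced by a login page can be checked against it. The sample URIs are constructed, the whole-URI match is an assumption about how the pattern is applied, and the escaped variant is an assumed intent rather than something stated in the thread.

```python
import re

# requestUriIgnorePattern exactly as posted in the report.
POSTED_PATTERN = r".*.(ico|png|gif|jpg|css|js)$"
# Same pattern with the dot before the extension escaped (assumed intent).
ESCAPED_PATTERN = r".*\.(ico|png|gif|jpg|css|js)$"

# Constructed request URIs: the login page, the form-auth target, the two
# image names mentioned in the thread, a stylesheet, and an extensionless path.
SAMPLE_URIS = [
    "/login.jsp",
    "/j_security_check",
    "/images/mylogo.png",
    "/images/mylogo.bmp",
    "/css/site.css",
    "/reports/nodejs",
]


def ignored(pattern, uri):
    """True when the whole URI matches the pattern (assumed match semantics)."""
    return re.fullmatch(pattern, uri) is not None


def audit(uris, pattern=POSTED_PATTERN, strict=ESCAPED_PATTERN):
    """Classify each URI; flag matches that exist only because the dot is unescaped."""
    rows = []
    for uri in uris:
        hit = ignored(pattern, uri)
        rows.append({
            "uri": uri,
            "ignored": hit,
            "only_unescaped_dot": hit and not ignored(strict, uri),
        })
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE_URIS):
        note = "  (matches only because '.' is unescaped)" if row["only_unescaped_dot"] else ""
        print(f"{row['uri']:<22} ignored={row['ignored']}{note}")
```

With the posted value, `mylogo.png` matches and `mylogo.bmp` does not, which lines up with the reporter's observation; the unescaped dot additionally matches extensionless paths that merely end in one of the listed letter sequences.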

ghost commented 9 years ago

From martin.grotzke on July 20, 2013 14:37:55

No, this is not expected, it's a bug. I'm currently on holidays, will look into this when I'm back.

Status: Accepted