Announcement Announcement Module
No announcement yet.
problem with login and session based request cache. Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • problem with login and session based request cache.

    I posted this in Web, but then realized it probably belonged in security.

    After you post to j_spring_security_check you get redirected to the URL which prompted the login.
    The URL seems to be saved in a session based RequestCache, and I have some issues with that.

    Sometimes users get redirected to faviocn.ico after login, even though the filterSecurityChain clearly lists this as
    HTML Code:
    <sec:intercept-url pattern="/favicon.ico" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    Also the application has pages with JavaScript that sends requests using setTimeout(), if one of these are open in a different browser tab, they will override the URL in the request cache.

    Q: Is there a best practice for encoding the original URL in the login URL, so I will not be affected of concurrent requests which occur during login?