You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Thomas Rohde <tr...@ordix.de> on 2012/05/14 14:46:16 UTC
Manager activeSessions and customized error page
Hi!
I configured the Manager's maxActiveSessions attribute in context.xml. If the configured value is exceeded an IllegalStateException "createSession: Too many active sessions" is thrown in ManagerBase class. In our application we catch this exception around httpServletRequest.getSession(true) and redirect to an customized error page. Works!
Now I activated form based authentication via securiy constraint in web.xml. If I try to open the web application with my browser by sending the first request, the response is empty (status 200 OK).
Is there any way to map a static customized error page in this scenario?
If not: Is there any other approach to limit the number of sessions?
Thanks!
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Manager activeSessions and customized error page
Posted by Konstantin Kolinko <kn...@gmail.com>.
2012/5/14 Thomas Rohde <tr...@ordix.de>:
> Hi!
>
> I configured the Manager's maxActiveSessions attribute in context.xml. If the configured value is exceeded an IllegalStateException "createSession: Too many active sessions" is thrown in ManagerBase class. In our application we catch this exception around httpServletRequest.getSession(true) and redirect to an customized error page. Works!
>
> Now I activated form based authentication via securiy constraint in web.xml. If I try to open the web application with my browser by sending the first request, the response is empty (status 200 OK).
>
> Is there any way to map a static customized error page in this scenario?
>
It depends on where ErrorReportValve is in the request processing
chain in your situation. There were several changes to that (read:
fixes) in different Tomcat 7.0.x versions. You did not wrote which
version you do use.
If it is reproducible in latest 7.0.27, feel free to create a bug
report and attach a simple sample web application + steps to
reproduce.
It might be that it is already reproducible with the standard example
app [1], but I have not tried.
[1] http://localhost:8080/examples/jsp/security/protected/index.jsp
> If not: Is there any other approach to limit the number of sessions?
I think it is possible with a Filter, Valve or with a SessionListener.
It should be also be possible with a custom o.a.c.Manager.
YMMV.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org