You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Thomas Rohde <tr...@ordix.de> on 2012/05/14 14:46:16 UTC

Manager activeSessions and customized error page

Hi!

I configured the Manager's maxActiveSessions attribute in context.xml. If the configured value is exceeded an IllegalStateException "createSession: Too many active sessions" is thrown in ManagerBase class. In our application we catch this exception around httpServletRequest.getSession(true) and redirect to an customized error page. Works!

Now I activated form based authentication via securiy constraint in web.xml. If I try to open the web application with my browser by sending the first request, the response is empty (status 200 OK).

Is there any way to map a static customized error page in this scenario?

If not: Is there any other approach to limit the number of sessions?

Thanks!
Thomas

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Manager activeSessions and customized error page

Posted by Konstantin Kolinko <kn...@gmail.com>.

2012/5/14 Thomas Rohde <tr...@ordix.de>:
> Hi!
>
> I configured the Manager's maxActiveSessions attribute in context.xml. If the configured value is exceeded an IllegalStateException "createSession: Too many active sessions" is thrown in ManagerBase class. In our application we catch this exception around httpServletRequest.getSession(true) and redirect to an customized error page. Works!
>
> Now I activated form based authentication via securiy constraint in web.xml. If I try to open the web application with my browser by sending the first request, the response is empty (status 200 OK).
>
> Is there any way to map a static customized error page in this scenario?
>

It depends on where ErrorReportValve is in the request processing
chain in your situation. There were several changes to that (read:
fixes) in different Tomcat 7.0.x versions. You did not wrote which
version you do use.

If it is reproducible in latest 7.0.27, feel free to create a bug
report and attach a simple sample web application + steps to
reproduce.

It might be that it is already reproducible with the standard example
app [1], but I have not tried.

[1] http://localhost:8080/examples/jsp/security/protected/index.jsp

> If not: Is there any other approach to limit the number of sessions?

I think it is possible with a Filter, Valve or with a SessionListener.
It should be also be possible with a custom o.a.c.Manager.
YMMV.

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org