HTTP Status 408 error with tomcat form based authentication

Question

My application is written in JSP and has Form based authentication. I am using Apache and Tomcat 7.

Here is my problem:

Sometimes when session times out and when I try re-login to application, it displays the below 408 error message:

HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser

Appreciated if somebody can help me to resolve this.

Answer 1

I think this is down to session cookie handling by Internet Explorer. Two possible solutions you can try.

1. Modify Internet Explorer cookie handling preferences

Click Tools -> Internet Options, then click on the Privacy tab, then the Advanced button. Check 'Override automatic cookie handling', then make sure first party and third party cookies are set to accept, and check 'Always allow session cookies'.

2. Add http-equiv meta tags to the generated HTML

<meta http-equiv="Cache-Control" content="no-store,no-cache,must-revalidate"> 
<meta http-equiv="Pragma" content="no-cache"> 
<meta http-equiv="Expires" content="-1"> 

Alternatively these can be added as headers directly to the response.

response.addHeader("Cache-Control", "no-store,no-cache,must-revalidate");
response.addHeader("Pragma", "no-cache");
response.addHeader("Expires", "-1");