HTTP Status 408 error during login with domain forwarding set up

StackOverflow https://stackoverflow.com/questions/1727668

  •  19-09-2019
  •  | 
  •  

Question

On my site wemanageloans.com, many of the users are getting the following error when they try to login with the correct credentials:

HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser

This happens only if they try to login from URL: http://www.wemanageloans.com

I have set up domain forwarding to URL: http://59.176.19.181:8080

This error does not happen if the user tries to access the above IP address based URL directly.

Also, while this error occurs all the time for some users, it does happen intermittently to some users.

Please advise as to what could be wrong with the domain forwarding and what I may need to configure on my side.

I am using Tomcat 6' authentication using j_security_check.

Was it helpful?

Solution

When I visited the site I've seen that the session cookie was not immediately set - not even after the first login attempt.

I guess that there's something wrong with the start of a session.

As "forwarding" is done through a frame that masks your site, I'd suggest to stop this: it obfuscates quite a bit of what happens. Either get correct DNS resolution, use mod_jk or similar to serve tomcat content through apache or just redirect people to directly use the IP. This will most likely get rid of your problems (I've never seen them in this scenario). In case of using the IP directly it results in an ugly URL, so correct DNS resolution should be what you aim for.

Edit: Don't know if you already do this: Keep in mind that - using j_security_check - you can't just provide the login form to the user but need to rely on tomcat to present it (AFAIK). Therefor your page http://59.176.19.181:8080/personalcredit/loans.htm (which is the first page shown) is not supposed to have the login form on it, instead the page has to be declared as protected, so that tomcat by itself provides the configured login page to the user. If loans.htm was not declared protected, there was no reason for tomcat to start a new session which would explain the observed behaviour.

It wouldn't explain the nondeterminism though.

OTHER TIPS

Could be caching related. Try sending a header like:

Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache

Just to rule this option out...

Anyways 408 is about timeouts, could it be that your server takes more time to route those requests? Unlikely, but possbile though.

Another approach would be to set your tomcat server.xml to listen to port 80, just to make sure that using port 8080 is not causing the problem...

server.xml would need to look sthing like:

<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" 
redirectPort="8443" />

hth

I fixed this issue by adding an Interval to login.html and login-failure.html

setInterval(function(){
        location.reload(true);
    },5*60*1000);

The login.html and login-failure.html are the same. Except login-failure.html contained a text "Username or password is incorrect"

I seem to have found a very simple solution

<meta http-equiv="Cache-Control" content="no-store,no-cache,must-revalidate"/>
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Expires" content="-1"/>

Thanks to Greg http://readlist.com/lists/tomcat.apache.org/users/7/35987.html

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top