I've been having an interesting problem with dynamic session timeouts and
the SecurePage skeleton provided by the examples. I've got a servlet
hierarchy based on the SecurePage example to handle authentication. It
generally works fine, but when the user leaves the session idle a long time,
things can get weird. If the session gets flushed to disk, and then times
out completely - and then the user sends another request, the session is
restored from disk and the request is fullfilled. Then the NEXT request
will be denied saying that their session has timed out.
Any ideas on where I should look, or what the source of this might be?
Thanks in advance,