This error happens when the time between the request of a protected resource (and so, the presentation of the login form) and the submit to the j_security_check is greater than the session timeout value.
The internal mechanism of Tomcat stores the original request into the session...so, if the session has expired or invalidated, Tomcat cant know where to redirect and then raise that timeout error.
The default value of session invalidation in tomcat is 30 minutes.
Another cause can be an explicit session invalidation by calling httpsession.invalidate() ... perhaps in the logon.jsp??
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3871712#3871712
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3871712