Skip to main content

Accepting UTF-8 characters after a session has expired.

No replies
Joined: 2005-07-06

The login mechanism j_security_check remembers not only the requested URL but also any data which was submitted via a POST or a GET. This is great, it really
helps the user whose session times out while he/she is entering lots of info. I have a problem when the submitted data includes non ASCII characters.

I have recently modified a web application to use UTF-8 characters, in the past I removed non ASCII characters, I am trying to embrace them.

I have a problem when the user session times out. For data which is limited to the ASCII subset of UTF-8 there is no issue, a user can be busy entering data, pop out to lunch, come back complete the entry and hit submit. Because the session has timed out, the user gets taken through authentication, the submit completes perfectly with no data lost.

If the submission includes non ASCII charcters AND the user gets taken through authentication, the non ASCII characters are corrupted.

To simplify the problem I wrote a test application which has a 2 minute session timeout and uses FileRealm authentication, index.jsp allows text entry and it displays any text that was entered by the previous submit. This test application uses HTTP GET, the real application which uses HTTP POST, the result is the same. While the user is logged in all UTF-8 characters are displayed correctly, if the submission includes a diversion via login, then the submitted data is present but any non ASCII characters are incorrectly displayed.

I guess there is probably some way of configuring the such that UTF-8 characters retain their encoding through the login process.

I am not using UTF-8 login IDs or passwords, merely submitting UTF-8 text after a session has timed out. I do not want to extend the 30 minute session timeout, I would prefer to fix the problem. Any idea how to configure the login process for UTF-8 ?

I am using Glassfish 2.1.1