is there a possibility to avoid or forbid a client refresh if a session timeout occured?
My problem is that we log in to the server with a client certificate (tomcat handles the authentication process) and if the session timed out the user will be logged in again automatically. But that is a security problem since the user may already had left his desk. If there would be no automatically refresh and no chance to refresh over a button that would be very helpfull
...but the relogon is done with a new session. Couldn't you react accordingly - by e.g. finding out that the session is not authorized yet?
Answer to your question: you can setup an own "Error Screen" by registering an implementation of interface "ILocalErrorScreenProvider" (This is is a client interface.). The error screen is just a normal XML page. The default implementation is DefaultErrorScreenProvider.
![[Logo]](/forum/templates/default/images/logo.jpg){kind=logo}
![[Search]](/forum/templates/default/images/icon_mini_search.gif){kind=icon}
![[Recent Topics]](/forum/templates/default/images/icon_mini_recentTopics.gif){kind=icon}
![[Members]](/forum/templates/default/images/icon_mini_members.gif){kind=icon}
![[Groups]](/forum/templates/default/images/icon_mini_groups.gif){kind=icon}
![[Register]](/forum/templates/default/images/icon_mini_register.gif){kind=icon}
Register![[Login]](/forum/templates/default/images/icon_mini_login.gif){kind=icon}
Login
![[Post New]](/forum/templates/default/images/icon_minipost_new.gif){kind=icon}
![[Up]](/forum/templates/default/images/icon_up.gif){kind=icon}
![[Avatar]](/forum/images/avatar/eccbc87e4b5ce2fe28308fd9f2a7baf3.jpg)