I have a GWT app running on Tomcat 8.5 running behind a firewall / load-balancer using form-based authentication for most of the resources. Most of the time it’s all fine, but a while ago it started occasionally either getting stuck on the j_security_check “page” (~/j_security_check displayed in the URL) with a 408 login timeout error, or coming up with a blank page caused by the GWT .js file actually containing the login page html after the redirect from j_security_check back to the protected resource. This occurs only irregularly, and so far I haven’t been able to consistently reproduce the behavior, although once it happens, it generally continues until I clear cache and reload.