tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: 8 Patches for Win2k, Forte2.0 & JDK1.3.0_01
Date Wed, 23 May 2001 17:40:40 GMT


On Wed, 23 May 2001, Mark.Abbott wrote:

> 
> 
> Peter Costello wrote:
> > 
> > 
> > ===========================================================================
> > 1) org.apache.catalina.authenticator.FormAuthenticate
> > 
> >    The following enhancement allows the IE5.0 browser
> > to maintain the
> >    correct URL in its history list.  For example, if
> > browser fetches
> >    'index.jsp' and tomcat returns 'login.jsp', then
> > when browser submits
> >    username and password it sends a 'POST
> > j_security_check'.  Method
> >    'authenticate()' does its work and then restores
> > the original request
> >    and returns. However, now the browser thinks that
> > page 'GET index.jsp'
> >    is 'POST j_security_check' and using the
> > back/forward on the browser
> >    will result in an error when we get back to the
> > 'POST'.
> > 
> >    My fix was to send a redirect to the original page
> > after authenticate
> >    does its work.
> > 
> 
> But what if the original request was not a GET, but rather
> a POST?  How can you redirect to that?
> 
>       Cheers - Mark
> 
> 
> 

The change to use a redirect will be necessary to meet the new 2.3 spec
requirements.  However, Mark's point is critical -- if the original
request is a POST, we still need this to work.  That can be done, but it's
a little more complicated than just the current patch.

Craig



Mime
View raw message