Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 84513 invoked by uid 500); 26 Sep 2001 16:13:49 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Reply-To: tomcat-dev@jakarta.apache.org Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 84494 invoked from network); 26 Sep 2001 16:13:49 -0000 Date: 26 Sep 2001 16:13:51 -0000 Message-ID: <20010926161351.24706.qmail@nagoya.betaversion.org> From: bugzilla@apache.org To: tomcat-dev@jakarta.apache.org Cc: Subject: DO NOT REPLY [Bug 3839] New: - Problem bookmarking login page X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3839 Problem bookmarking login page Summary: Problem bookmarking login page Product: Tomcat 4 Version: 4.0 Final Platform: PC OS/Version: Linux Status: NEW Severity: Major Priority: Other Component: Webapps AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: paul.pacheco@wavecode.com I have a web application that uses form based authentication. if I go to a protected page for example: http://myhost/myapp/index.html then I get the authentication form: http://myhost/myapp/login.jsp I fill it up, and submit and I get authenticated and the page http://myhost/myapp/index.html is properly shown. However, if instead of trying to go to a protected resource, I try to go directly to the login.jsp page, and that is pretty common since some people like to bookmark the login page, then this is what happens: I go to the login page: http://myhost/myapp/login.jsp the login page gets displayed properly. but if I fill it up and submit, the browser gets redirected to this address: http://myhost/myapp/null and the following error is shown on the browser: HTTP Status 404 - /null The requested resource (/null) is not available. The behavior that I would like to see is that the default page for the web application be shown. I think this is what is happening: if I go to a protected resource the url gets saved somewhere in the session then after I submit the login information, the server redirects the browers to the saved location. But if I go directly to the login page, then there is no url that failed the security constraints, and nothing is saved. After I submit, it tries to go to whatever is saved (null in this case) and since there is no page named null an error is shown. What is needed is an extra check somewhere that says: if the saved location is null, then go to the default webapp page.