tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bojan Smojver <>
Subject Re: DO NOT REPLY [Bug 3839] - Problem bookmarking login page
Date Thu, 04 Oct 2001 02:06:55 GMT
I have done this with TC 3.3, Apache 1.3.20 + mod_jk and my own form
based authentication:


/login/login.vm <-- login page
/login/error.vm <-- error page
/login/index.vm <-- default index page

If someone goes to /login/login.vm directly and gets authenticated, the
page /login/index.vm gets displayed, which can then do whatever it wants
(ie. redirect somewhere else, display error, content etc.)

The pages I use are Velocity pages, but I don't think that JSP would be
any different.


Steve Downey wrote:
> "Train the user not to do that" is a cop out. If an application doesn't work
> the way users expect, it's a problem with the application, not the user.
> That's usability 101.
> If the user shouldn't bookmark the login page, they shouldn't ever be
> exposed to the URI for the login page. That makes it impossible to bookmark.
> The only URI that the user should see is the URI for the protected resource.

View raw message