tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 9791] - Form-based login fails using apache, mod_jk, mod_ssl without cookies
Date Mon, 18 Nov 2002 15:29:28 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9791>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9791

Form-based login fails using apache, mod_jk, mod_ssl without cookies





------- Additional Comments From Brian.Ewins@btinternet.com  2002-11-18 15:29 -------
Corey, I've checked through the code and the tomcat side looks fine. Are you
sure your login form is ok? For form based authentication without cookies, you
need to use URL rewriting on the form action in your login page, like so:

<form action='<%= response.encodeURL("j_security_check") %>'>

If you don't do this, then the session that created the login form will not be
requested when the login form is submitted. In particular, if you use a plain
.htm login form instead of a jsp, you /must/ use cookies.

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message