tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lawlor, Frank" <Frank_Law...@AthensGroup.com>
Subject Tomcat 4 clears login parameters?
Date Sat, 18 May 2002 06:00:11 GMT
One problem that Tomcat web apps have is that 
the login page remains in the browser history 
and if the user navigates to one
of these and tries to use it, they get a rather
incomprehensible result.

In Tomcat 3.x we had a good solution (the only
one I have been able to find anywhere) which
depends upon setting a parameter to indicate
that the page has been used (this is used by
JavaScript) to write "Page invalidated" or whatever
you want).

Unfortunately Tomcat 4.x seems to clear all the
parameters.  I suppose there may be some 
good security reason for clearing the username
and password, but can't it leave other parameters
alone?

Thanks,

Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solutions.



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message