tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "gautam" <gau...@applabs.net>
Subject JSession ID in address bar
Date Thu, 03 Oct 2002 12:40:26 GMT
Hello,

I am using form based authentication for my application (Tomcat 4.0.5, JDK
1.4, Win2K). I have tomcat configured to use SSL. Everything work fine.
However, I keep getting the jsessionid value in the address bar. This
happens for the first page only. Does not appear for subsequent pages
(regardless of authetication result). I am using IE 6.0.

https://localhost:8553/mywebapp/logon.jsp;jsessionid=E752F79F89D3423A1BEBB4D
4F2802D60

I am accessing the web app by : https://localhost:8553/mywebapp/

Web XML snippet :
------------------
<welcome-file-list><welcome-file>/jsp/index.jsp</welcome-file></welcome-file
-list>

<security-constraint>
	<web-resource-collection>
		<web-resource-name>Secure Area</web-resource-name>
		<url-pattern>*.jsp</url-pattern>
		<url-pattern>*.ma</url-pattern>
	</web-resource-collection>
	<auth-constraint><role-name>*</role-name></auth-constraint>

<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee
></user-data-constraint>
</security-constraint>

<login-config>
	<auth-method>FORM</auth-method>
	<form-login-config>
		<form-login-page>/logon.jsp</form-login-page>
		<form-error-page>/fail_logon.jsp</form-error-page>
	</form-login-config>
</login-config>

<security-role><role-name>*</role-name></security-role>

Logon.jsp snippet :
------------------
<form method="POST" action='<%= response.encodeURL("j_security_check") %>'>

<table border="1" cellspacing="0" width="250" cellpadding="0"
bgcolor="#FFF8DC"><tr><td colspan="2">&nbsp;</td></tr>
<tr><td width="50%" valign="middle" align="right"><font
color="#000000"><b>User Id:</b></font>&nbsp;</td><td width="50%"
valign="middle" align="center"><p>&nbsp;

<input type="text" name="j_username" size="16" maxlength="16">

</p></td></tr><tr><td width="50%" valign="middle" align="right"><b><font
color="#000000">Password:</font></b> </td><td width="50%" valign="middle"
align="center">&nbsp;

<input type="password" name="j_password" size="16" maxlength="16">

</td></tr><tr><td width="50%" valign="middle" align="right">&nbsp;</td><td
width="50%" valign="middle" align="center">

<input type=submit name="logon_submit" value="Login"/>

</td></tr></table>

</form>

fail_logon.jsp snippet :
---------------------
<table width="100%">
  <tr><td align="left">Unable to login. <a href='<%=
response.encodeURL("logon.jsp") %>'>Please try again.</a></td></tr>
</table>

My index.jsp page just has normal HREFs in it. No Java code.

What is happening ? How do I correct this ?

Regards,

Gautam S


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message