tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <ahardy.str...@cyberspaceroad.com>
Subject Re: form-based login / cookies disabled / JSPs in WEB-INF
Date Wed, 01 Oct 2003 10:17:09 GMT
No, I don't know what more can be said. I think it is just impossible! 
We can put men on the moon, but if the browser has cookies disabled ... ;)

The dynamic information, i.e. the original request url, has to be saved 
somewhere during the authentication process by the app server.

Cookies are disabled, so it cannot be saved there.

Since cookies are disabled, that means it cannot be saved in a session, 
because that just substitutes one bit of dynamic information for another 
  (the request url for the session id).

Plus the form itself is in a non-dynamic HTML page, so the app server 
cannot put it in there either.




On 09/30/2003 06:55 AM Jose Alfonso Martinez wrote:
> I am sorry Adam, I guess you are doing in-container authentification. I know very little
about that, thus I cannot say anything... I do my own authentification. You can create a session
after the user auth there.
> 
> other ideas or comments????
> 
> Jose
> 
> On Sun, Sep 28, 2003 at 06:50:05PM +0200, Adam Hardy wrote:
> 
>>On 09/28/2003 06:09 PM Jose Alfonso Martinez wrote:
>>
>>>Do you really need to maintain a session, even when the user is just 
>>>browsing static html files (before logging in)???  If the answer is no, 
>>>then you could have an html login form.
>>>
>>
>>Try it! If tomcat doesn't have a session id to store the user's request 
>>with when tomcat is stepping in between with the login procedure, then 
>>tomcat will not know where the login submission has come from once the 
>>user clicks the login form's submit. This leads directly to a 
>>j_security_check not available 404 error.
>>
>>Adam
>>
>>-- 
>>struts 1.1 + tomcat 4.1.27 + java 1.4.2
>>Linux 2.4.20 RH9
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 

-- 
struts 1.1 + tomcat 5.0.12 + java 1.4.2
Linux 2.4.20 RH9


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message