tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <>
Subject Re: How to prevent direct access to login.jsp
Date Tue, 09 Dec 2003 10:09:48 GMT
On 12/08/2003 11:59 PM Chaikin, Yaakov Y (US SSA) wrote:
> I realized that my user can mess himself by bookmarking the login page
> he is asked to log in. The login.jsp appears in the URL address in the
> browser...
> Does anyone know how to avoid this? How do I block that URL for the user
> and not for the server?

Hi Yaakov,
I think the best way to deal with this situation is to configure tomcat 
to catch the error status 403 or whatever it is and then serve up an 
error page with a calm, logical explanation of why they shouldn't do that.

Or upgrade to tomcat 5.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message