tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Propes, Barry L " <barry.l.pro...@citi.com>
Subject RE: that old problem - Invalid direct reference to form login page
Date Wed, 16 Apr 2008 18:43:28 GMT
that's good to know, Chris -- I might try that and see if it solves my problem, too.

-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Wednesday, April 16, 2008 1:15 PM
To: Tomcat Users List
Subject: Re: that old problem - Invalid direct reference to form login
page


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael,

Michael Teter wrote:
| <form method="POST" action="j_security_check">

You should always do:

<form method="POST" action="<%=
response.encodeURL(request.getContextPath() + "/j_security_check")) %>">

You should always include the context path in URLs.
You should always run your URLs through response.encodeURL so that the
session id is encoded in the URL if the user isn't using cookies.

Otherwise, logins never work when cookies are not being used.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgGQggACgkQ9CaO5/Lv0PD1FQCfaXXjRMBsCikW65hkCPhwbFeh
0dsAoJ+FFHynG4eWytwTCZHzSqZAPmXf
=vSBo
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Mime
View raw message