tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: HTTP Status 400 - Invalid direct reference to form login page!
Date Thu, 03 Jun 2010 21:24:50 GMT

Gheorghe,

On 6/3/2010 2:18 PM, Gheorghe Pucea wrote:
> By "when I get back to the login page" I mean that I log out from my app and
> then I redirect my app to a restricted resource and when my login page
> appears I type my User/pass and the error occurs.
> 
> I want to add something, when I log out and after I redirect my app to a
> protected resource the login page shows up if I hit the refresh button on
> my browser and I type in my user/pass it works.

After you call session.invalidation(), what does your code do,
specifically? If you do a "forward" to a protected resource, strange
things may happen with cookie-passing.

Does your login form properly encode the session id into its <form>
action? Does your logout code properly encode the session id into the
redirect URL? Have you enabled/disabled cookies in your web browser?

-chris
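
The points raised in the reply above, as an added example that is not part of the original message or of Tomcat's own code: a logout that redirects (rather than forwards) to the protected resource, and a login form whose action is passed through `encodeURL`. The class names and the path `/secure/home.jsp` are hypothetical, and the `javax.servlet` API is assumed.

```java
// Added illustration; class names and /secure/home.jsp are hypothetical.
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LogoutServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false): do not create a session just to destroy it.
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        // Redirect instead of RequestDispatcher.forward(): the browser then
        // sends a new request for the protected resource, so the container
        // handles it like any other unauthenticated request and presents
        // the login form itself.
        String target = req.getContextPath() + "/secure/home.jsp";
        // encodeRedirectURL() appends ;jsessionid=... only when a session
        // exists and the client is not known to accept cookies; otherwise
        // it returns the URL unchanged.
        resp.sendRedirect(resp.encodeRedirectURL(target));
    }
}

// The form login page, written as a servlet to keep the example in one
// language; in a JSP the same call is response.encodeURL("j_security_check").
class LoginFormServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/html;charset=UTF-8");
        // With cookies disabled, the session id travels in the action URL.
        String action = resp.encodeURL("j_security_check");
        PrintWriter out = resp.getWriter();
        out.println("<form method=\"post\" action=\"" + action + "\">");
        out.println("  <input type=\"text\" name=\"j_username\">");
        out.println("  <input type=\"password\" name=\"j_password\">");
        out.println("  <input type=\"submit\" value=\"Log in\">");
        out.println("</form>");
    }
}
```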
