tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <...@pidster.com>
Subject Re: HTTP Status 400 - Invalid direct reference to form login page!
Date Fri, 04 Jun 2010 09:11:31 GMT
On 04/06/2010 01:19, Martin Gainty wrote:
> 
> the reference is to URLEncoder class
> 
> URLEncoder Utility class is used for HTML form encoding. This class contains static methods
for converting a String to the application/x-www-form-urlencoded MIME format
> 
> javadoc for encode methods of the URLEncoder are illustrated at
> 
> http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html

Not it's not, it's a reference to "response.encodeRedirectURL(path)"

Instead of continuing to talk about this in the abstract, how about you
post some details of your configuration and the code you're using to logout?

Where is the login form, what URL is it?

Which URL are you redirecting to after logout, and how are you doing that?

etc


p


> ______________________________________________ 
> Verzicht und Vertraulichkeitanmerkung
> 
> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so
bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer
Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und
entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails
koennen wir keine Haftung fuer den Inhalt uebernehmen.
> 
>  
> 
>> Date: Fri, 4 Jun 2010 00:34:36 +0300
>> Subject: Re: HTTP Status 400 - Invalid direct reference to form login page!
>> From: george.pucea@gmail.com
>> To: users@tomcat.apache.org
>>
>> Hello Cris,
>>
>> *After you call session.invalidation(), what does your code do,
>> specifically? If you do a "forward" to a protected resource, strange
>> things may happen with cookie-passing.*
>>
>> After the session get's invalidate(on the server side) my code send back a
>> request success to the UI and then the Ui redirect's my app to the protected
>> resource.
>>
>> *Does your login form properly encode the session id into it's <form>
>> action? Does your logout code properly encode the session id into the
>> redirect URL? Have you enabled/disabled cookies in your web browser?*
>>
>> My cookies are enabled. But I don't know exactly if the login/logout code
>> form properly encode the session id into it's <form>(how can I test that?)
>>
>>
>>
>> Thank you very much!!!!
>>
>>
>>
>> On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz <
>> chris@christopherschultz.net> wrote:
>>
> Gheorghe,
> 
> On 6/3/2010 2:18 PM, Gheorghe Pucea wrote:
>>>>> By "when I get back to the login page" I mean that I log out from my
app
> and
>>>>> then I redirect my app to a restricted resource and when my login page
>>>>> appears I type my User/pass and the error occurs.
>>>>>
>>>>> I want to add something, when I log out and after I redirect my app to
a
>>>>> protected resource the login page show's up if I hit the refresh button
> on
>>>>> my browser and I type in my user/pass it works.
> 
> After you call session.invalidation(), what does your code do,
> specifically? If you do a "forward" to a protected resource, strange
> things may happen with cookie-passing.
> 
> Does your login form properly encode the session id into it's <form>
> action? Does your logout code properly encode the session id into the
> redirect URL? Have you enabled/disabled cookies in your web browser?
> 
> -chris
>>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>

> _________________________________________________________________
> The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. 
> http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5



Mime
View raw message