tomcat-users mailing list archives

From Gheorghe Pucea <george.pu...@gmail.com>
Subject Re: HTTP Status 400 - Invalid direct reference to form login page!
Date Thu, 03 Jun 2010 21:34:36 GMT
Hello Chris,

*After you call session.invalidation(), what does your code do,
specifically? If you do a "forward" to a protected resource, strange
things may happen with cookie-passing.*

After the session gets invalidated (on the server side), my code sends back a
request success to the UI and then the UI redirects my app to the protected
resource.

*Does your login form properly encode the session id into its <form>
action? Does your logout code properly encode the session id into the
redirect URL? Have you enabled/disabled cookies in your web browser?*

My cookies are enabled. But I don't know exactly if the login/logout code
form properly encodes the session id into its <form> (how can I test that?)



Thank you very much!!!!



On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Gheorghe,
>
> On 6/3/2010 2:18 PM, Gheorghe Pucea wrote:
> > By "when I get back to the login page" I mean that I log out from my app and
> > then I redirect my app to a restricted resource and when my login page
> > appears I type my User/pass and the error occurs.
> >
> > I want to add something, when I log out and after I redirect my app to a
> > protected resource the login page shows up if I hit the refresh button on
> > my browser and I type in my user/pass it works.
>
> After you call session.invalidation(), what does your code do,
> specifically? If you do a "forward" to a protected resource, strange
> things may happen with cookie-passing.
>
> Does your login form properly encode the session id into its <form>
> action? Does your logout code properly encode the session id into the
> redirect URL? Have you enabled/disabled cookies in your web browser?
>
> -chris

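One way to run the check asked about above ("how can I test that?"), as an added example that is not part of the original thread: save the login page's HTML and the `Set-Cookie` header from the same response, then look for the `;jsessionid=` path parameter that servlet containers append when a URL is passed through `response.encodeURL()`. The sample pages, session id value and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


class FormActions(HTMLParser):
    """Collect the action attribute of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def url_session_id(url):
    """Return the ;jsessionid=... path parameter of a URL, or None."""
    # Path parameters follow ';' inside a path segment, before any '?'.
    for segment in urlsplit(url).path.split("/"):
        for param in segment.split(";")[1:]:
            name, _, value = param.partition("=")
            if name.lower() == "jsessionid" and value:
                return value
    return None


def check_login_page(html, set_cookie=""):
    """Report, per form, whether the action carries the session id."""
    morsel = SimpleCookie(set_cookie).get("JSESSIONID")
    cookie_id = morsel.value if morsel is not None else None
    parser = FormActions()
    parser.feed(html)
    parser.close()
    return [{"action": a, "url_id": url_session_id(a), "cookie_id": cookie_id,
             "encoded": url_session_id(a) is not None} for a in parser.actions]


# Constructed sample pages; the session id value is made up.
ENCODED = '<form method="POST" action="j_security_check;jsessionid=0123ABCD">'
PLAIN = '<form method="POST" action="j_security_check">'

if __name__ == "__main__":
    for page in (ENCODED, PLAIN):
        print(check_login_page(page, "JSESSIONID=0123ABCD; Path=/app; HttpOnly"))
```

An `encoded` value of `False` together with a `cookie_id` of `None` means the form submission carries no session identifier at all.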