tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gheorghe Pucea <george.pu...@gmail.com>
Subject Re: HTTP Status 400 - Invalid direct reference to form login page!
Date Fri, 04 Jun 2010 08:49:16 GMT
 Please I really  need help. I found out today that it work's on opera to.







Many thanks!!!

On Fri, Jun 4, 2010 at 8:59 AM, Gheorghe Pucea <george.pucea@gmail.com>wrote:

>
>
>
> The encoding is ok I tried it out today. But I need to add one more thing
> the problem doesn't appear
> on Google Chrome but it appears on IE8 and Mozila 3.5.9.
>
>
>
> On Fri, Jun 4, 2010 at 3:19 AM, Martin Gainty <mgainty@hotmail.com> wrote:
>
>>
>> the reference is to URLEncoder class
>>
>> URLEncoder Utility class is used for HTML form encoding. This class
>> contains static methods for converting a String to the
>> application/x-www-form-urlencoded MIME format
>>
>> javadoc for encode methods of the URLEncoder are illustrated at
>>
>>
>>
>> http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html
>>
>> Martin
>> ______________________________________________
>> Verzicht und Vertraulichkeitanmerkung
>>
>> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene
>> Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte
>> Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht
>> dient lediglich dem Austausch von Informationen und entfaltet keine
>> rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von
>> E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
>>
>>
>>
>> > Date: Fri, 4 Jun 2010 00:34:36 +0300
>> > Subject: Re: HTTP Status 400 - Invalid direct reference to form login
>> page!
>> > From: george.pucea@gmail.com
>> > To: users@tomcat.apache.org
>> >
>> > Hello Cris,
>> >
>> > *After you call session.invalidation(), what does your code do,
>> > specifically? If you do a "forward" to a protected resource, strange
>> > things may happen with cookie-passing.*
>> >
>> > After the session get's invalidate(on the server side) my code send back
>> a
>> > request success to the UI and then the Ui redirect's my app to the
>> protected
>> > resource.
>> >
>> > *Does your login form properly encode the session id into it's <form>
>> > action? Does your logout code properly encode the session id into the
>> > redirect URL? Have you enabled/disabled cookies in your web browser?*
>> >
>> > My cookies are enabled. But I don't know exactly if the login/logout
>> code
>> > form properly encode the session id into it's <form>(how can I test
>> that?)
>> >
>> >
>> >
>> > Thank you very much!!!!
>> >
>> >
>> >
>> > On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz <
>> > chris@christopherschultz.net> wrote:
>> >
>> > > -----BEGIN PGP SIGNED MESSAGE-----
>> > > Hash: SHA1
>> > >
>> > > Gheorghe,
>> > >
>> > > On 6/3/2010 2:18 PM, Gheorghe Pucea wrote:
>> > > > By "when I get back to the login page" I mean that I log out from
my
>> app
>> > > and
>> > > > then I redirect my app to a restricted resource and when my login
>> page
>> > > > appears I type my User/pass and the error occurs.
>> > > >
>> > > > I want to add something, when I log out and after I redirect my app
>> to a
>> > > > protected resource the login page show's up if I hit the refresh
>> button
>> > > on
>> > > > my browser and I type in my user/pass it works.
>> > >
>> > > After you call session.invalidation(), what does your code do,
>> > > specifically? If you do a "forward" to a protected resource, strange
>> > > things may happen with cookie-passing.
>> > >
>> > > Does your login form properly encode the session id into it's <form>
>> > > action? Does your logout code properly encode the session id into the
>> > > redirect URL? Have you enabled/disabled cookies in your web browser?
>> > >
>> > > - -chris
>> > > -----BEGIN PGP SIGNATURE-----
>> > > Version: GnuPG v1.4.10 (MingW32)
>> > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>> > >
>> > > iEYEARECAAYFAkwIHaIACgkQ9CaO5/Lv0PD4egCfT9LLrkpGYO39bqTTki1arNoc
>> > > k+4An0eBb+93c9XYCgzNXnF4BZop8NTI
>> > > =lzIW
>> > > -----END PGP SIGNATURE-----
>> > >
>> > > ---------------------------------------------------------------------
>> > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> > > For additional commands, e-mail: users-help@tomcat.apache.org
>> > >
>> > >
>>
>> _________________________________________________________________
>> The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with
>> Hotmail.
>>
>> http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message