tomcat-users mailing list archives

From Gheorghe Pucea <george.pu...@gmail.com>
Subject Re: HTTP Status 400 - Invalid direct reference to form login page!
Date Sat, 05 Jun 2010 17:51:22 GMT
After I perform the log out I call a redirect function to a protected
resource and that goes well.


Somewhere I found that I need to set this tag in my login.html page:

 <META HTTP-EQUIV = "Pragma" CONTENT="no-cache">
<META HTTP-EQUIV = "Cache-control" CONTENT="no-cache">

And I did that and after I hit the logout button and perform another login
it seems to work, but if I continue and log out and then again log in the
problem occurs again!


Thank you for your time!






On Fri, Jun 4, 2010 at 12:11 PM, Pid <pid@pidster.com> wrote:

> On 04/06/2010 01:19, Martin Gainty wrote:
> >
> > the reference is to URLEncoder class
> >
> > URLEncoder Utility class is used for HTML form encoding. This class
> > contains static methods for converting a String to the
> > application/x-www-form-urlencoded MIME format
> >
> > javadoc for encode methods of the URLEncoder are illustrated at
> >
> > http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html
>
> No it's not, it's a reference to "response.encodeRedirectURL(path)"
>
> Instead of continuing to talk about this in the abstract, how about you
> post some details of your configuration and the code you're using to
> logout?
>
> Where is the login form, what URL is it?
>
> Which URL are you redirecting to after logout, and how are you doing that?
>
> etc
>
>
> p
>
>
> >
> >> Date: Fri, 4 Jun 2010 00:34:36 +0300
> >> Subject: Re: HTTP Status 400 - Invalid direct reference to form login page!
> >> From: george.pucea@gmail.com
> >> To: users@tomcat.apache.org
> >>
> >> Hello Chris,
> >>
> >> *After you call session.invalidation(), what does your code do,
> >> specifically? If you do a "forward" to a protected resource, strange
> >> things may happen with cookie-passing.*
> >>
> >> After the session gets invalidated (on the server side) my code sends back a
> >> request success to the UI and then the UI redirects my app to the protected
> >> resource.
> >>
> >> *Does your login form properly encode the session id into its <form>
> >> action? Does your logout code properly encode the session id into the
> >> redirect URL? Have you enabled/disabled cookies in your web browser?*
> >>
> >> My cookies are enabled. But I don't know exactly if the login/logout code
> >> form properly encodes the session id into its <form> (how can I test that?)
> >>
> >>
> >>
> >> Thank you very much!!!!
> >>
> >>
> >>
> >> On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz <
> >> chris@christopherschultz.net> wrote:
> >>
> > Gheorghe,
> >
> > On 6/3/2010 2:18 PM, Gheorghe Pucea wrote:
> >>>>> By "when I get back to the login page" I mean that I log out from my app and
> >>>>> then I redirect my app to a restricted resource and when my login page
> >>>>> appears I type my User/pass and the error occurs.
> >>>>>
> >>>>> I want to add something, when I log out and after I redirect my app to a
> >>>>> protected resource the login page shows up if I hit the refresh button on
> >>>>> my browser and I type in my user/pass it works.
> >
> > After you call session.invalidation(), what does your code do,
> > specifically? If you do a "forward" to a protected resource, strange
> > things may happen with cookie-passing.
> >
> > Does your login form properly encode the session id into its <form>
> > action? Does your logout code properly encode the session id into the
> > redirect URL? Have you enabled/disabled cookies in your web browser?
> >
> > -chris
