tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gheorghe Pucea <george.pu...@gmail.com>
Subject Re: HTTP Status 400 - Invalid direct reference to form login page!
Date Fri, 04 Jun 2010 05:59:27 GMT
The encoding is ok I tried it out today. But I need to add one more thing
the problem doesn't appear
on Google Chrome but it appears on IE8 and Mozila 3.5.9.



On Fri, Jun 4, 2010 at 3:19 AM, Martin Gainty <mgainty@hotmail.com> wrote:

>
> the reference is to URLEncoder class
>
> URLEncoder Utility class is used for HTML form encoding. This class
> contains static methods for converting a String to the
> application/x-www-form-urlencoded MIME format
>
> javadoc for encode methods of the URLEncoder are illustrated at
>
>
>
> http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html
>
> Martin
> ______________________________________________
> Verzicht und Vertraulichkeitanmerkung
>
> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene
> Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte
> Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht
> dient lediglich dem Austausch von Informationen und entfaltet keine
> rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von
> E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
>
>
>
> > Date: Fri, 4 Jun 2010 00:34:36 +0300
> > Subject: Re: HTTP Status 400 - Invalid direct reference to form login
> page!
> > From: george.pucea@gmail.com
> > To: users@tomcat.apache.org
> >
> > Hello Cris,
> >
> > *After you call session.invalidation(), what does your code do,
> > specifically? If you do a "forward" to a protected resource, strange
> > things may happen with cookie-passing.*
> >
> > After the session get's invalidate(on the server side) my code send back
> a
> > request success to the UI and then the Ui redirect's my app to the
> protected
> > resource.
> >
> > *Does your login form properly encode the session id into it's <form>
> > action? Does your logout code properly encode the session id into the
> > redirect URL? Have you enabled/disabled cookies in your web browser?*
> >
> > My cookies are enabled. But I don't know exactly if the login/logout code
> > form properly encode the session id into it's <form>(how can I test
> that?)
> >
> >
> >
> > Thank you very much!!!!
> >
> >
> >
> > On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz <
> > chris@christopherschultz.net> wrote:
> >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Gheorghe,
> > >
> > > On 6/3/2010 2:18 PM, Gheorghe Pucea wrote:
> > > > By "when I get back to the login page" I mean that I log out from my
> app
> > > and
> > > > then I redirect my app to a restricted resource and when my login
> page
> > > > appears I type my User/pass and the error occurs.
> > > >
> > > > I want to add something, when I log out and after I redirect my app
> to a
> > > > protected resource the login page show's up if I hit the refresh
> button
> > > on
> > > > my browser and I type in my user/pass it works.
> > >
> > > After you call session.invalidation(), what does your code do,
> > > specifically? If you do a "forward" to a protected resource, strange
> > > things may happen with cookie-passing.
> > >
> > > Does your login form properly encode the session id into it's <form>
> > > action? Does your logout code properly encode the session id into the
> > > redirect URL? Have you enabled/disabled cookies in your web browser?
> > >
> > > - -chris
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.10 (MingW32)
> > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> > >
> > > iEYEARECAAYFAkwIHaIACgkQ9CaO5/Lv0PD4egCfT9LLrkpGYO39bqTTki1arNoc
> > > k+4An0eBb+93c9XYCgzNXnF4BZop8NTI
> > > =lzIW
> > > -----END PGP SIGNATURE-----
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > For additional commands, e-mail: users-help@tomcat.apache.org
> > >
> > >
>
> _________________________________________________________________
> The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with
> Hotmail.
>
> http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message