tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: HTTP Status 400 - Invalid direct reference to form login page!
Date Fri, 04 Jun 2010 00:19:48 GMT

the reference is to URLEncoder class

URLEncoder Utility class is used for HTML form encoding. This class contains static methods
for converting a String to the application/x-www-form-urlencoded MIME format

javadoc for encode methods of the URLEncoder are illustrated at

 

http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html

Martin
______________________________________________ 
Verzicht und Vertraulichkeitanmerkung

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten
wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist
unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet
keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen
wir keine Haftung fuer den Inhalt uebernehmen.

 

> Date: Fri, 4 Jun 2010 00:34:36 +0300
> Subject: Re: HTTP Status 400 - Invalid direct reference to form login page!
> From: george.pucea@gmail.com
> To: users@tomcat.apache.org
> 
> Hello Cris,
> 
> *After you call session.invalidation(), what does your code do,
> specifically? If you do a "forward" to a protected resource, strange
> things may happen with cookie-passing.*
> 
> After the session get's invalidate(on the server side) my code send back a
> request success to the UI and then the Ui redirect's my app to the protected
> resource.
> 
> *Does your login form properly encode the session id into it's <form>
> action? Does your logout code properly encode the session id into the
> redirect URL? Have you enabled/disabled cookies in your web browser?*
> 
> My cookies are enabled. But I don't know exactly if the login/logout code
> form properly encode the session id into it's <form>(how can I test that?)
> 
> 
> 
> Thank you very much!!!!
> 
> 
> 
> On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz <
> chris@christopherschultz.net> wrote:
> 
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Gheorghe,
> >
> > On 6/3/2010 2:18 PM, Gheorghe Pucea wrote:
> > > By "when I get back to the login page" I mean that I log out from my app
> > and
> > > then I redirect my app to a restricted resource and when my login page
> > > appears I type my User/pass and the error occurs.
> > >
> > > I want to add something, when I log out and after I redirect my app to a
> > > protected resource the login page show's up if I hit the refresh button
> > on
> > > my browser and I type in my user/pass it works.
> >
> > After you call session.invalidation(), what does your code do,
> > specifically? If you do a "forward" to a protected resource, strange
> > things may happen with cookie-passing.
> >
> > Does your login form properly encode the session id into it's <form>
> > action? Does your logout code properly encode the session id into the
> > redirect URL? Have you enabled/disabled cookies in your web browser?
> >
> > - -chris
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (MingW32)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> >
> > iEYEARECAAYFAkwIHaIACgkQ9CaO5/Lv0PD4egCfT9LLrkpGYO39bqTTki1arNoc
> > k+4An0eBb+93c9XYCgzNXnF4BZop8NTI
> > =lzIW
> > -----END PGP SIGNATURE-----
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
 		 	   		  
_________________________________________________________________
The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. 
http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message