tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Mason <b.ma...@adinstruments.com>
Subject Re: Forms authentication without cookies in 6.0.33
Date Sun, 22 Jul 2012 23:36:49 GMT
On Fri, Jul 20, 2012 at 7:06 PM, Pid * <pid@pidster.com> wrote:

> On 20 Jul 2012, at 03:38, Brett Mason <b.mason@adinstruments.com> wrote:
> > Could someone please clarify if Tomcat supports forms authentication
> > without cookies? If it is intended to be a supported configuration I'm
> > happy to submit a bug report and can provided a simple standalone test
> app
> > to reproduce the problem.
>
> Form auth should work regardless of where the session id lives.
>
> Is the login form an HTML or JSP page? A session must be created
> before you can login, it sounds like Tomcat isn't seeing one during
> the first login.
>
>
The login page is a JSP (via a Servlet). We use the JSTL <c:url> tag to
generate the post URL which appears to be adding a valid sessionID:

<form method="post" action="<c:url value="j_security_check"/>">

Thanks,
Brett.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message