: FORM-based login questions
Message-ID: [EMAIL PROTECTED]
1. You are right that the spec doesn't say what to do when a login form is
accessed directly. This is why Tomcat doesn't know what to do. Two things:
a) don't let users access login form directly. Not sure what happens in
Tomcat if you
1. You are right that the spec doesn't say what to do when a login form is
accessed directly. This is why Tomcat doesn't know what to do. Two things:
a) don't let users access login form directly. Not sure what happens in
Tomcat if you protect the login form. At least you can remove all
