Hello all. I'm a little surprised how uncommon this problem seems to be on the list. Anyway, I'll tell you what I know and what to do about it.
Until now we've been using a protected index.html page as the entrypoint for our app. However, we've had the same problem Frank had. Upon starting the browser, the first login will show the page just fine (the server returned status 200.) Subsequent logins using a different broswer instance/session would produce only a blank page where index.html should have been, even though the login was successful. In this case the server returned 304. The problem is the the browser (both Netscape 6.2 and IE 6) caches index.html the first time it sees it. However, the second attempt to access the protected index.html page causes the server to send a 302 (redirect) to the browser indicating that the browser should load the login form. For some reason that I don't understand, both Netscape and IE delete the cached index.html in response to the 302. Upon login, then the server responds with a redirect to index.html and finally a 304. Netscape then creates an empty cache file for index.html. IE doesn't even do that. Both display a page with no content. Choosing refresh in both browsers loads the page correctly. Our workaround was to make index.html a jsp by simply changing the extension. This seems to have solved our problem. The browser behavior here seems to be the problem but since both Netscape and IE do the same thing, maybe they're just following something in the HTTP spec. john -----Original Message----- From: Eichfelder, Frank [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 31, 2001 4:43 AM To: [EMAIL PROTECTED] Subject: Form-Based-Authentication with Tomcat 4.0.1 Hi, I have a problem with the form-based-authentication with Tomcat 4.0.1. The problem is: If I access a protected page for the first time, I am redirected to the login-page and asked for username and password. If my input is correct, I am redirected to the desired page. Now I close the browser (IE 5.5 - cookies are accepted) and restart it. Now I try the same procedure, reenter my username and password, and get as result an empty page. In the browser I can see that the correct URL was demanded, and if I press the Reload-Button, then I see the desired page. But this behaviour is not what I want, it should work automatically. Can I do this via server.xml or web.xml settings? Or do I have to rewrite my html-pages? I have already added <META http-equiv="expires" content="0"> to the html-pages, without any effect. To see the difference between first login and second login, I add an extract of the access-logfile: First login: 27.0.0.1 - - [31/Oct/2001:11:07:30 1000] "GET /logintest/ HTTP/1.1" 302 654 127.0.0.1 - - [31/Oct/2001:11:07:30 1000] "GET /logintest/index.html HTTP/1.1" 304 - 127.0.0.1 - - [31/Oct/2001:11:07:32 1000] "GET /logintest/secure/securepage.html HTTP/1.1" 302 654 127.0.0.1 - - [31/Oct/2001:11:07:33 1000] "GET /logintest/LoginForm.html HTTP/1.1" 200 679 127.0.0.1 - - [31/Oct/2001:11:07:38 1000] "POST /logintest/j_security_check HTTP/1.1" 302 654 127.0.0.1 - tomcat [31/Oct/2001:11:07:38 1000] "GET /logintest/secure/securepage.html HTTP/1.1" 200 402 Second login: 127.0.0.1 - - [31/Oct/2001:11:07:50 1000] "GET /logintest/ HTTP/1.1" 302 654 127.0.0.1 - - [31/Oct/2001:11:07:50 1000] "GET /logintest/index.html HTTP/1.1" 304 - 127.0.0.1 - - [31/Oct/2001:11:07:51 1000] "GET /logintest/secure/securepage.html HTTP/1.1" 302 654 127.0.0.1 - - [31/Oct/2001:11:07:53 1000] "GET /logintest/LoginForm.html HTTP/1.1" 200 679 127.0.0.1 - - [31/Oct/2001:11:07:58 1000] "POST /logintest/j_security_check HTTP/1.1" 302 654 127.0.0.1 - tomcat [31/Oct/2001:11:07:58 1000] "GET /logintest/secure/securepage.html HTTP/1.1" 304 - As you can see, the difference is in the last line of each section: In the first time, tomcat returns HTTP-Code 200 (OK), the second time it returns 304 (Not Modified). It would be great if anybody would have any suggestions how I can change this behaviour. Thanks, Frank ---------------------------------------------------------- Frank Eichfelder, Dipl.-Inf. T-Systems Nova GmbH Entwicklungszentrum Darmstadt Bereich EP 1 - Bamberg Memmelsdorfer Straße 209a, 96052 Bamberg Germany MailTo:[EMAIL PROTECTED] ---------------------------------------------------------- -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>