The login page shouldn't be referred to directly. The standard states that when a user first tries to access a resource secured by a security constraint then they will be forwarded to the login page. Don't put the login form in you index.jsp.. or have your index.jsp being secure so that the user is forwarded to the login form on first visiting your website. Hamish
-----Original Message----- From: Paul Hunnisett [mailto:[EMAIL PROTECTED]] Sent: Friday, August 09, 2002 1:36 PM To: [EMAIL PROTECTED] Subject: Problems getting login to work Hello, I'm trying to get users to log in to my app by using login-config in my web.xml. Most of my site is protected using security constraints. For some reason, now whenever I try to log in as a registered user, I get the following error: The request sent by the client was syntactically incorrect (Invalid direct reference to form login page) The login page is included using <jsp:include> on my index jsp and is a simple login form using j_security-check etc... Any thoughts as to why this might be happening. I am running tomcat 4.1 on Linux using JDK1.4 - although I need this to work on Windows as well. (I get the same problem when trying to run this on Windows) Paul Hunnisett -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>