> Scott Ferguson <[EMAIL PROTECTED]> wrote:

> Are cookies/sessions enabled?

Cookies yes.
How do I verify sessions?
This is Firefox on Linux talking to Resin running on Linux if that matters.

> Normally, the sequence goes:
>    1. request protected page
>    2. Resin redirects to login form with an action of  
> j_security_check (and stores the URL of the page in the session)
>    3. User submits form to j_security_check
>    4. j_security_check authenticates the user
>    5. if successful, it forwards to the original page.
> For step #5 to work, Resin needs to know what the original page is.   
> Normally, it either gets the page from the session URL saved in #2,  
> or if the login form adds a j_uri="..." parameter, Resin can redirect  
> to the j_uri parameter.

I assume resin saves this url when the session flunks "is logged in" and
does the redirection.

> So, it sounds like the session isn't being kept (or is invalidated or  
> something similar.)  Do you have any idea why that may be happening  
> (e.g. cookies disabled), or does your application flow look different  
> than #1-5.

My flow is exactly what you descripe.
Start at unsecure index.html
link to protected.jsp
user clicks to follow link.
login.jsp form has layout, Resin kicks it off.
in login.jsp is hidden field j_uri with value of "protected.jsp"

When user (actually me) clicks "ok" on form, action goes to j_security_check

where it blows up with message

Could be something wrong in my web.xml, we never used it when I started 
using Resin back in 1999.

Pat Farrell

resin-interest mailing list

Reply via email to