Re: HTTP Status 400 - Invalid direct reference to form login page!
After I perform the log out I call a redirect function to a protected resource and that goes well. Somewhere I found that I need to set this tag in mai login.html page: META HTTP-EQUIV = Pragma CONTENT=no-cache META HTTP-EQUIV = Cache-control CONTENT=no-cache And I did that and after I hit the logout button and perform another login it seem to work, but if I continue and log out and then again log in the problem occurs again! Thank you for your time! On Fri, Jun 4, 2010 at 12:11 PM, Pid p...@pidster.com wrote: On 04/06/2010 01:19, Martin Gainty wrote: the reference is to URLEncoder class URLEncoder Utility class is used for HTML form encoding. This class contains static methods for converting a String to the application/x-www-form-urlencoded MIME format javadoc for encode methods of the URLEncoder are illustrated at http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html Not it's not, it's a reference to response.encodeRedirectURL(path) Instead of continuing to talk about this in the abstract, how about you post some details of your configuration and the code you're using to logout? Where is the login form, what URL is it? Which URL are you redirecting to after logout, and how are you doing that? etc p __ Verzicht und Vertraulichkeitanmerkung Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Date: Fri, 4 Jun 2010 00:34:36 +0300 Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! From: george.pu...@gmail.com To: users@tomcat.apache.org Hello Cris, *After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing.* After the session get's invalidate(on the server side) my code send back a request success to the UI and then the Ui redirect's my app to the protected resource. *Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser?* My cookies are enabled. But I don't know exactly if the login/logout code form properly encode the session id into it's form(how can I test that?) Thank you very much On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz ch...@christopherschultz.net wrote: Gheorghe, On 6/3/2010 2:18 PM, Gheorghe Pucea wrote: By when I get back to the login page I mean that I log out from my app and then I redirect my app to a restricted resource and when my login page appears I type my User/pass and the error occurs. I want to add something, when I log out and after I redirect my app to a protected resource the login page show's up if I hit the refresh button on my browser and I type in my user/pass it works. After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing. Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser? -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
Re: HTTP Status 400 - Invalid direct reference to form login page!
The encoding is ok I tried it out today. But I need to add one more thing the problem doesn't appear on Google Chrome but it appears on IE8 and Mozila 3.5.9. On Fri, Jun 4, 2010 at 3:19 AM, Martin Gainty mgai...@hotmail.com wrote: the reference is to URLEncoder class URLEncoder Utility class is used for HTML form encoding. This class contains static methods for converting a String to the application/x-www-form-urlencoded MIME format javadoc for encode methods of the URLEncoder are illustrated at http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html Martin __ Verzicht und Vertraulichkeitanmerkung Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Date: Fri, 4 Jun 2010 00:34:36 +0300 Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! From: george.pu...@gmail.com To: users@tomcat.apache.org Hello Cris, *After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing.* After the session get's invalidate(on the server side) my code send back a request success to the UI and then the Ui redirect's my app to the protected resource. *Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser?* My cookies are enabled. But I don't know exactly if the login/logout code form properly encode the session id into it's form(how can I test that?) Thank you very much On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gheorghe, On 6/3/2010 2:18 PM, Gheorghe Pucea wrote: By when I get back to the login page I mean that I log out from my app and then I redirect my app to a restricted resource and when my login page appears I type my User/pass and the error occurs. I want to add something, when I log out and after I redirect my app to a protected resource the login page show's up if I hit the refresh button on my browser and I type in my user/pass it works. After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing. Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwIHaIACgkQ9CaO5/Lv0PD4egCfT9LLrkpGYO39bqTTki1arNoc k+4An0eBb+93c9XYCgzNXnF4BZop8NTI =lzIW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
Re: HTTP Status 400 - Invalid direct reference to form login page!
Please I really need help. I found out today that it work's on opera to. Many thanks!!! On Fri, Jun 4, 2010 at 8:59 AM, Gheorghe Pucea george.pu...@gmail.comwrote: The encoding is ok I tried it out today. But I need to add one more thing the problem doesn't appear on Google Chrome but it appears on IE8 and Mozila 3.5.9. On Fri, Jun 4, 2010 at 3:19 AM, Martin Gainty mgai...@hotmail.com wrote: the reference is to URLEncoder class URLEncoder Utility class is used for HTML form encoding. This class contains static methods for converting a String to the application/x-www-form-urlencoded MIME format javadoc for encode methods of the URLEncoder are illustrated at http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html Martin __ Verzicht und Vertraulichkeitanmerkung Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Date: Fri, 4 Jun 2010 00:34:36 +0300 Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! From: george.pu...@gmail.com To: users@tomcat.apache.org Hello Cris, *After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing.* After the session get's invalidate(on the server side) my code send back a request success to the UI and then the Ui redirect's my app to the protected resource. *Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser?* My cookies are enabled. But I don't know exactly if the login/logout code form properly encode the session id into it's form(how can I test that?) Thank you very much On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gheorghe, On 6/3/2010 2:18 PM, Gheorghe Pucea wrote: By when I get back to the login page I mean that I log out from my app and then I redirect my app to a restricted resource and when my login page appears I type my User/pass and the error occurs. I want to add something, when I log out and after I redirect my app to a protected resource the login page show's up if I hit the refresh button on my browser and I type in my user/pass it works. After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing. Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwIHaIACgkQ9CaO5/Lv0PD4egCfT9LLrkpGYO39bqTTki1arNoc k+4An0eBb+93c9XYCgzNXnF4BZop8NTI =lzIW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
Re: HTTP Status 400 - Invalid direct reference to form login page!
On 04/06/2010 01:19, Martin Gainty wrote: the reference is to URLEncoder class URLEncoder Utility class is used for HTML form encoding. This class contains static methods for converting a String to the application/x-www-form-urlencoded MIME format javadoc for encode methods of the URLEncoder are illustrated at http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html Not it's not, it's a reference to response.encodeRedirectURL(path) Instead of continuing to talk about this in the abstract, how about you post some details of your configuration and the code you're using to logout? Where is the login form, what URL is it? Which URL are you redirecting to after logout, and how are you doing that? etc p __ Verzicht und Vertraulichkeitanmerkung Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Date: Fri, 4 Jun 2010 00:34:36 +0300 Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! From: george.pu...@gmail.com To: users@tomcat.apache.org Hello Cris, *After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing.* After the session get's invalidate(on the server side) my code send back a request success to the UI and then the Ui redirect's my app to the protected resource. *Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser?* My cookies are enabled. But I don't know exactly if the login/logout code form properly encode the session id into it's form(how can I test that?) Thank you very much On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz ch...@christopherschultz.net wrote: Gheorghe, On 6/3/2010 2:18 PM, Gheorghe Pucea wrote: By when I get back to the login page I mean that I log out from my app and then I redirect my app to a restricted resource and when my login page appears I type my User/pass and the error occurs. I want to add something, when I log out and after I redirect my app to a protected resource the login page show's up if I hit the refresh button on my browser and I type in my user/pass it works. After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing. Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser? -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5 signature.asc Description: OpenPGP digital signature
RE: HTTP Status 400 - Invalid direct reference to form login page!
I had that happen periodically for years with my version of TC 4.1.31. With some folks, we could get it to go away, by cleaning out browser cache. With others, it was the same people that incurred it all the time. They could access other protected areas, but not the one. I ended up making a duplicate non-protected piece for them. For me it wasn't a big deal, because they already were -- in a sense -- in a protected piece to begin with. But it would have been better if it'd worked. -Original Message- From: Gheorghe Pucea [mailto:george.pu...@gmail.com] Sent: Thursday, June 03, 2010 9:30 AM To: users@tomcat.apache.org Subject: HTTP Status 400 - Invalid direct reference to form login page! Hello, I have a problem with my Tomcat instance, I'm using: Tomcat 6.0.26 Java jdk 1.5.0_17 Windows XP SP3 I have implemented a JAAS login module for my application and everything goes fine except from one thing. Here are the steps that I am doing: 1)Request a protected resource - the login form show's up and I enter my username and password 2) I get into the application and everything looks fine but when I get back to the login page and enter my username/password again I get the message: (If I refresh the login page immediately when I hit the logout button everything goes weel) HTTP Status 400 - Invalid direct reference to form login page -- *type* Status report *message* *Invalid direct reference to form login page* *description* *The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)* * * * * * * *Thank you very much!* - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 400 - Invalid direct reference to form login page!
Hello Barry, Thank you very much for your quick respone, but I think that version of Tomcat was very old compared to Tomcat 6.0.26 I think the problem should be fix by now. So you suggest that I manually should clear my browser's cache?And this should fix my problem? On Thu, Jun 3, 2010 at 7:10 PM, Propes, Barry L barry.l.pro...@citi.comwrote: I had that happen periodically for years with my version of TC 4.1.31. With some folks, we could get it to go away, by cleaning out browser cache. With others, it was the same people that incurred it all the time. They could access other protected areas, but not the one. I ended up making a duplicate non-protected piece for them. For me it wasn't a big deal, because they already were -- in a sense -- in a protected piece to begin with. But it would have been better if it'd worked. -Original Message- From: Gheorghe Pucea [mailto:george.pu...@gmail.com] Sent: Thursday, June 03, 2010 9:30 AM To: users@tomcat.apache.org Subject: HTTP Status 400 - Invalid direct reference to form login page! Hello, I have a problem with my Tomcat instance, I'm using: Tomcat 6.0.26 Java jdk 1.5.0_17 Windows XP SP3 I have implemented a JAAS login module for my application and everything goes fine except from one thing. Here are the steps that I am doing: 1)Request a protected resource - the login form show's up and I enter my username and password 2) I get into the application and everything looks fine but when I get back to the login page and enter my username/password again I get the message: (If I refresh the login page immediately when I hit the logout button everything goes weel) HTTP Status 400 - Invalid direct reference to form login page -- *type* Status report *message* *Invalid direct reference to form login page* *description* *The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)* * * * * * * *Thank you very much!* - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 400 - Invalid direct reference to form login page!
On 03/06/2010 15:29, Gheorghe Pucea wrote: Hello, I have a problem with my Tomcat instance, I'm using: Tomcat 6.0.26 Java jdk 1.5.0_17 Windows XP SP3 I have implemented a JAAS login module for my application and everything goes fine except from one thing. Here are the steps that I am doing: 1)Request a protected resource - the login form show's up and I enter my username and password 2) I get into the application and everything looks fine but when I get back to the login page and enter my username/password again I get the message: (If I refresh the login page immediately when I hit the logout button everything goes weel) Please explain what you mean by when I get back to the login page. Why are you going back to the login page? p HTTP Status 400 - Invalid direct reference to form login page -- *type* Status report *message* *Invalid direct reference to form login page* *description* *The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)* * * * * * * *Thank you very much!* signature.asc Description: OpenPGP digital signature
RE: HTTP Status 400 - Invalid direct reference to form login page!
It worked for some users; for others it did not. I'm not sure I ever received a definitive reason for it happening - especially to random users -- but it happened to the same set of users most all the time, where others weren't affected. You could try that first, and see if that worked. If not, I'm not sure what to tell you. Maybe some others on this forum would know better than I. -Original Message- From: Gheorghe Pucea [mailto:george.pu...@gmail.com] Sent: Thursday, June 03, 2010 11:47 AM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! Hello Barry, Thank you very much for your quick respone, but I think that version of Tomcat was very old compared to Tomcat 6.0.26 I think the problem should be fix by now. So you suggest that I manually should clear my browser's cache?And this should fix my problem? On Thu, Jun 3, 2010 at 7:10 PM, Propes, Barry L barry.l.pro...@citi.comwrote: I had that happen periodically for years with my version of TC 4.1.31. With some folks, we could get it to go away, by cleaning out browser cache. With others, it was the same people that incurred it all the time. They could access other protected areas, but not the one. I ended up making a duplicate non-protected piece for them. For me it wasn't a big deal, because they already were -- in a sense -- in a protected piece to begin with. But it would have been better if it'd worked. -Original Message- From: Gheorghe Pucea [mailto:george.pu...@gmail.com] Sent: Thursday, June 03, 2010 9:30 AM To: users@tomcat.apache.org Subject: HTTP Status 400 - Invalid direct reference to form login page! Hello, I have a problem with my Tomcat instance, I'm using: Tomcat 6.0.26 Java jdk 1.5.0_17 Windows XP SP3 I have implemented a JAAS login module for my application and everything goes fine except from one thing. Here are the steps that I am doing: 1)Request a protected resource - the login form show's up and I enter my username and password 2) I get into the application and everything looks fine but when I get back to the login page and enter my username/password again I get the message: (If I refresh the login page immediately when I hit the logout button everything goes weel) HTTP Status 400 - Invalid direct reference to form login page -- *type* Status report *message* *Invalid direct reference to form login page* *description* *The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)* * * * * * * *Thank you very much!* - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: HTTP Status 400 - Invalid direct reference to form login page!
Yeah, I'd say he shouldn't be going back to the login page but rather to the protected page. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Thursday, June 03, 2010 12:11 PM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! On 03/06/2010 15:29, Gheorghe Pucea wrote: Hello, I have a problem with my Tomcat instance, I'm using: Tomcat 6.0.26 Java jdk 1.5.0_17 Windows XP SP3 I have implemented a JAAS login module for my application and everything goes fine except from one thing. Here are the steps that I am doing: 1)Request a protected resource - the login form show's up and I enter my username and password 2) I get into the application and everything looks fine but when I get back to the login page and enter my username/password again I get the message: (If I refresh the login page immediately when I hit the logout button everything goes weel) Please explain what you mean by when I get back to the login page. Why are you going back to the login page? p HTTP Status 400 - Invalid direct reference to form login page -- *type* Status report *message* *Invalid direct reference to form login page* *description* *The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)* * * * * * * *Thank you very much!* - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 400 - Invalid direct reference to form login page!
Hello Barry, Exactly that is my problem, on every forum says that this error happens when you access directly the login page, but when I log out from my app I redirect the url to point to a restricted resource then my login page appears and when I enter the username/password the error apears. So after the log out I don't point directly to the login page insted I point to a restricted page and when I get redirected to the login I type my username/pass and I get the error. Thank you very much for your time, I really appreciate!!! On Thu, Jun 3, 2010 at 8:51 PM, Propes, Barry L barry.l.pro...@citi.comwrote: Yeah, I'd say he shouldn't be going back to the login page but rather to the protected page. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Thursday, June 03, 2010 12:11 PM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! On 03/06/2010 15:29, Gheorghe Pucea wrote: Hello, I have a problem with my Tomcat instance, I'm using: Tomcat 6.0.26 Java jdk 1.5.0_17 Windows XP SP3 I have implemented a JAAS login module for my application and everything goes fine except from one thing. Here are the steps that I am doing: 1)Request a protected resource - the login form show's up and I enter my username and password 2) I get into the application and everything looks fine but when I get back to the login page and enter my username/password again I get the message: (If I refresh the login page immediately when I hit the logout button everything goes weel) Please explain what you mean by when I get back to the login page. Why are you going back to the login page? p HTTP Status 400 - Invalid direct reference to form login page -- *type* Status report *message* *Invalid direct reference to form login page* *description* *The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)* * * * * * * *Thank you very much!* - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 400 - Invalid direct reference to form login page!
Sorry Pid I didn't noticed your message. By when I get back to the login page I mean that I log out from my app and then I redirect my app to a restricted resource and when my login page appears I type my User/pass and the error occurs. I want to add something, when I log out and after I redirect my app to a protected resource the login page show's up if I hit the refresh button on my browser and I type in my user/pass it works. Thank you very much for your time Really appreciate! On Thu, Jun 3, 2010 at 8:11 PM, Pid p...@pidster.com wrote: On 03/06/2010 15:29, Gheorghe Pucea wrote: Hello, I have a problem with my Tomcat instance, I'm using: Tomcat 6.0.26 Java jdk 1.5.0_17 Windows XP SP3 I have implemented a JAAS login module for my application and everything goes fine except from one thing. Here are the steps that I am doing: 1)Request a protected resource - the login form show's up and I enter my username and password 2) I get into the application and everything looks fine but when I get back to the login page and enter my username/password again I get the message: (If I refresh the login page immediately when I hit the logout button everything goes weel) Please explain what you mean by when I get back to the login page. Why are you going back to the login page? p HTTP Status 400 - Invalid direct reference to form login page -- *type* Status report *message* *Invalid direct reference to form login page* *description* *The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)* * * * * * * *Thank you very much!*
RE: HTTP Status 400 - Invalid direct reference to form login page!
Sounds like the session's not getting invalidated properly? -Original Message- From: Gheorghe Pucea [mailto:george.pu...@gmail.com] Sent: Thursday, June 03, 2010 1:13 PM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! Hello Barry, Exactly that is my problem, on every forum says that this error happens when you access directly the login page, but when I log out from my app I redirect the url to point to a restricted resource then my login page appears and when I enter the username/password the error apears. So after the log out I don't point directly to the login page insted I point to a restricted page and when I get redirected to the login I type my username/pass and I get the error. Thank you very much for your time, I really appreciate!!! On Thu, Jun 3, 2010 at 8:51 PM, Propes, Barry L barry.l.pro...@citi.comwrote: Yeah, I'd say he shouldn't be going back to the login page but rather to the protected page. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Thursday, June 03, 2010 12:11 PM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! On 03/06/2010 15:29, Gheorghe Pucea wrote: Hello, I have a problem with my Tomcat instance, I'm using: Tomcat 6.0.26 Java jdk 1.5.0_17 Windows XP SP3 I have implemented a JAAS login module for my application and everything goes fine except from one thing. Here are the steps that I am doing: 1)Request a protected resource - the login form show's up and I enter my username and password 2) I get into the application and everything looks fine but when I get back to the login page and enter my username/password again I get the message: (If I refresh the login page immediately when I hit the logout button everything goes weel) Please explain what you mean by when I get back to the login page. Why are you going back to the login page? p HTTP Status 400 - Invalid direct reference to form login page -- *type* Status report *message* *Invalid direct reference to form login page* *description* *The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)* * * * * * * *Thank you very much!* - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 400 - Invalid direct reference to form login page!
Exactly, I supposed that too but when the user click's the logout button a servlet is called and that servlet invalidates the session after that from the server side a response is given back to the UI from where my application is redirected to a restricted resource. So I checked the servlet that does the invalidation and it look's fine. I spend 2 whole days googling and trying to solve the issue and don't know what else to do. It is the first time form me to work with JAAS on Tomcat and I don't exactly know if the problem is caused by JAAS or by Tomcat but I checked the login module and it work's fine and I think this issue is related to Tomcat. So please if you have another idea please share it. Thank you, On Thu, Jun 3, 2010 at 10:27 PM, Propes, Barry L barry.l.pro...@citi.comwrote: Sounds like the session's not getting invalidated properly? -Original Message- From: Gheorghe Pucea [mailto:george.pu...@gmail.com] Sent: Thursday, June 03, 2010 1:13 PM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! Hello Barry, Exactly that is my problem, on every forum says that this error happens when you access directly the login page, but when I log out from my app I redirect the url to point to a restricted resource then my login page appears and when I enter the username/password the error apears. So after the log out I don't point directly to the login page insted I point to a restricted page and when I get redirected to the login I type my username/pass and I get the error. Thank you very much for your time, I really appreciate!!! On Thu, Jun 3, 2010 at 8:51 PM, Propes, Barry L barry.l.pro...@citi.com wrote: Yeah, I'd say he shouldn't be going back to the login page but rather to the protected page. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Thursday, June 03, 2010 12:11 PM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! On 03/06/2010 15:29, Gheorghe Pucea wrote: Hello, I have a problem with my Tomcat instance, I'm using: Tomcat 6.0.26 Java jdk 1.5.0_17 Windows XP SP3 I have implemented a JAAS login module for my application and everything goes fine except from one thing. Here are the steps that I am doing: 1)Request a protected resource - the login form show's up and I enter my username and password 2) I get into the application and everything looks fine but when I get back to the login page and enter my username/password again I get the message: (If I refresh the login page immediately when I hit the logout button everything goes weel) Please explain what you mean by when I get back to the login page. Why are you going back to the login page? p HTTP Status 400 - Invalid direct reference to form login page -- *type* Status report *message* *Invalid direct reference to form login page* *description* *The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)* * * * * * * *Thank you very much!* - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: HTTP Status 400 - Invalid direct reference to form login page!
Would there be some sort of caching mechanism keeping the session alive somehow? -Original Message- From: Gheorghe Pucea [mailto:george.pu...@gmail.com] Sent: Thursday, June 03, 2010 2:37 PM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! Exactly, I supposed that too but when the user click's the logout button a servlet is called and that servlet invalidates the session after that from the server side a response is given back to the UI from where my application is redirected to a restricted resource. So I checked the servlet that does the invalidation and it look's fine. I spend 2 whole days googling and trying to solve the issue and don't know what else to do. It is the first time form me to work with JAAS on Tomcat and I don't exactly know if the problem is caused by JAAS or by Tomcat but I checked the login module and it work's fine and I think this issue is related to Tomcat. So please if you have another idea please share it. Thank you, On Thu, Jun 3, 2010 at 10:27 PM, Propes, Barry L barry.l.pro...@citi.comwrote: Sounds like the session's not getting invalidated properly? -Original Message- From: Gheorghe Pucea [mailto:george.pu...@gmail.com] Sent: Thursday, June 03, 2010 1:13 PM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! Hello Barry, Exactly that is my problem, on every forum says that this error happens when you access directly the login page, but when I log out from my app I redirect the url to point to a restricted resource then my login page appears and when I enter the username/password the error apears. So after the log out I don't point directly to the login page insted I point to a restricted page and when I get redirected to the login I type my username/pass and I get the error. Thank you very much for your time, I really appreciate!!! On Thu, Jun 3, 2010 at 8:51 PM, Propes, Barry L barry.l.pro...@citi.com wrote: Yeah, I'd say he shouldn't be going back to the login page but rather to the protected page. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Thursday, June 03, 2010 12:11 PM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! On 03/06/2010 15:29, Gheorghe Pucea wrote: Hello, I have a problem with my Tomcat instance, I'm using: Tomcat 6.0.26 Java jdk 1.5.0_17 Windows XP SP3 I have implemented a JAAS login module for my application and everything goes fine except from one thing. Here are the steps that I am doing: 1)Request a protected resource - the login form show's up and I enter my username and password 2) I get into the application and everything looks fine but when I get back to the login page and enter my username/password again I get the message: (If I refresh the login page immediately when I hit the logout button everything goes weel) Please explain what you mean by when I get back to the login page. Why are you going back to the login page? p HTTP Status 400 - Invalid direct reference to form login page -- *type* Status report *message* *Invalid direct reference to form login page* *description* *The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)* * * * * * * *Thank you very much!* - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 400 - Invalid direct reference to form login page!
I didn't found one.I don't know, but when I close my browser or I refresh the page it work's so it's definitely something about the session. Thank you! On Thu, Jun 3, 2010 at 11:01 PM, Propes, Barry L barry.l.pro...@citi.comwrote: Would there be some sort of caching mechanism keeping the session alive somehow? -Original Message- From: Gheorghe Pucea [mailto:george.pu...@gmail.com] Sent: Thursday, June 03, 2010 2:37 PM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! Exactly, I supposed that too but when the user click's the logout button a servlet is called and that servlet invalidates the session after that from the server side a response is given back to the UI from where my application is redirected to a restricted resource. So I checked the servlet that does the invalidation and it look's fine. I spend 2 whole days googling and trying to solve the issue and don't know what else to do. It is the first time form me to work with JAAS on Tomcat and I don't exactly know if the problem is caused by JAAS or by Tomcat but I checked the login module and it work's fine and I think this issue is related to Tomcat. So please if you have another idea please share it. Thank you, On Thu, Jun 3, 2010 at 10:27 PM, Propes, Barry L barry.l.pro...@citi.com wrote: Sounds like the session's not getting invalidated properly? -Original Message- From: Gheorghe Pucea [mailto:george.pu...@gmail.com] Sent: Thursday, June 03, 2010 1:13 PM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! Hello Barry, Exactly that is my problem, on every forum says that this error happens when you access directly the login page, but when I log out from my app I redirect the url to point to a restricted resource then my login page appears and when I enter the username/password the error apears. So after the log out I don't point directly to the login page insted I point to a restricted page and when I get redirected to the login I type my username/pass and I get the error. Thank you very much for your time, I really appreciate!!! On Thu, Jun 3, 2010 at 8:51 PM, Propes, Barry L barry.l.pro...@citi.com wrote: Yeah, I'd say he shouldn't be going back to the login page but rather to the protected page. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Thursday, June 03, 2010 12:11 PM To: Tomcat Users List Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! On 03/06/2010 15:29, Gheorghe Pucea wrote: Hello, I have a problem with my Tomcat instance, I'm using: Tomcat 6.0.26 Java jdk 1.5.0_17 Windows XP SP3 I have implemented a JAAS login module for my application and everything goes fine except from one thing. Here are the steps that I am doing: 1)Request a protected resource - the login form show's up and I enter my username and password 2) I get into the application and everything looks fine but when I get back to the login page and enter my username/password again I get the message: (If I refresh the login page immediately when I hit the logout button everything goes weel) Please explain what you mean by when I get back to the login page. Why are you going back to the login page? p HTTP Status 400 - Invalid direct reference to form login page -- *type* Status report *message* *Invalid direct reference to form login page* *description* *The request sent by the client was syntactically incorrect (Invalid direct reference to form login page)* * * * * * * *Thank you very much!* - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 400 - Invalid direct reference to form login page!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gheorghe, On 6/3/2010 2:18 PM, Gheorghe Pucea wrote: By when I get back to the login page I mean that I log out from my app and then I redirect my app to a restricted resource and when my login page appears I type my User/pass and the error occurs. I want to add something, when I log out and after I redirect my app to a protected resource the login page show's up if I hit the refresh button on my browser and I type in my user/pass it works. After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing. Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwIHaIACgkQ9CaO5/Lv0PD4egCfT9LLrkpGYO39bqTTki1arNoc k+4An0eBb+93c9XYCgzNXnF4BZop8NTI =lzIW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 400 - Invalid direct reference to form login page!
Hello Cris, *After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing.* After the session get's invalidate(on the server side) my code send back a request success to the UI and then the Ui redirect's my app to the protected resource. *Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser?* My cookies are enabled. But I don't know exactly if the login/logout code form properly encode the session id into it's form(how can I test that?) Thank you very much On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gheorghe, On 6/3/2010 2:18 PM, Gheorghe Pucea wrote: By when I get back to the login page I mean that I log out from my app and then I redirect my app to a restricted resource and when my login page appears I type my User/pass and the error occurs. I want to add something, when I log out and after I redirect my app to a protected resource the login page show's up if I hit the refresh button on my browser and I type in my user/pass it works. After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing. Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwIHaIACgkQ9CaO5/Lv0PD4egCfT9LLrkpGYO39bqTTki1arNoc k+4An0eBb+93c9XYCgzNXnF4BZop8NTI =lzIW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: HTTP Status 400 - Invalid direct reference to form login page!
the reference is to URLEncoder class URLEncoder Utility class is used for HTML form encoding. This class contains static methods for converting a String to the application/x-www-form-urlencoded MIME format javadoc for encode methods of the URLEncoder are illustrated at http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html Martin __ Verzicht und Vertraulichkeitanmerkung Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Date: Fri, 4 Jun 2010 00:34:36 +0300 Subject: Re: HTTP Status 400 - Invalid direct reference to form login page! From: george.pu...@gmail.com To: users@tomcat.apache.org Hello Cris, *After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing.* After the session get's invalidate(on the server side) my code send back a request success to the UI and then the Ui redirect's my app to the protected resource. *Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser?* My cookies are enabled. But I don't know exactly if the login/logout code form properly encode the session id into it's form(how can I test that?) Thank you very much On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gheorghe, On 6/3/2010 2:18 PM, Gheorghe Pucea wrote: By when I get back to the login page I mean that I log out from my app and then I redirect my app to a restricted resource and when my login page appears I type my User/pass and the error occurs. I want to add something, when I log out and after I redirect my app to a protected resource the login page show's up if I hit the refresh button on my browser and I type in my user/pass it works. After you call session.invalidation(), what does your code do, specifically? If you do a forward to a protected resource, strange things may happen with cookie-passing. Does your login form properly encode the session id into it's form action? Does your logout code properly encode the session id into the redirect URL? Have you enabled/disabled cookies in your web browser? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwIHaIACgkQ9CaO5/Lv0PD4egCfT9LLrkpGYO39bqTTki1arNoc k+4An0eBb+93c9XYCgzNXnF4BZop8NTI =lzIW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5