Re: form-based login / cookies disabled / JSPs in WEB-INF

2003-10-01 Thread Adam Hardy
No, I don't know what more can be said. I think it is just impossible! We can put men on the moon, but if the browser has cookies disabled ... ;) The dynamic information, i.e. the original request URL, has to be saved somewhere during the authentication process by the app server. Cookies are di

Re: form-based login / cookies disabled / JSPs in WEB-INF

2003-09-29 Thread Jose Alfonso Martinez
I am sorry Adam, I guess you are doing in-container authentication. I know very little about that, thus I cannot say anything... I do my own authentication. You can create a session after the user auth there. other ideas or comments Jose On Sun, Sep 28, 2003 at 06:50:05PM +0200, Adam H

RE: form-based login / cookies disabled / JSPs in WEB-INF

2003-09-28 Thread Sjoerd van Leent
Jose, Adam It's not the best solution, but it should be possible to not set the SESSIONID in a cookie, but in (a) hidden form field(s). Remember when you do this, that you need a very strong security encryption. It requires that you overload the SESSIONID get function, which I think must be possib

Re: form-based login / cookies disabled / JSPs in WEB-INF

2003-09-28 Thread Adam Hardy
On 09/28/2003 06:09 PM Jose Alfonso Martinez wrote: Do you really need to maintain a session, even when the user is just browsing static HTML files (before logging in)??? If the answer is no, then you could have an HTML login form. Try it! If Tomcat doesn't have a session id to store the user's r

Re: form-based login / cookies disabled / JSPs in WEB-INF

2003-09-28 Thread Jose Alfonso Martinez
Adam, I have the same issue as you and haven't come up with any workaround yet... However, in my site, the login form could be an HTML page because I don't need to maintain a session until the user has logged in. Do you really need to maintain a session, even when the user is just browsing static

form-based login / cookies disabled / JSPs in WEB-INF

2003-09-28 Thread Adam Hardy
I think I have a problem. I want form-based container-managed authentication on my app. I also want to allow cookies to be disabled. And I want to keep my JSPs under WEB-INF for security. It seems I cannot have these 3 combined, because disabling cookies means I have to do URL rewriting in the