Your problem has just recently been discussed on this list. Ben Jessel
proposed a workaround which I attached below. Hopefully, this might work for
you.
Stefan
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2003 1:42 PM
To: [EMAIL PROTECTED]
Subject: Possible workaround for invalid direct reference to login page
Java authentication with Tomcat relies on realms. If you access a page protected by that realm, you get directed to the login page. However, it is possible to go directly to the login page (this can happen when users bookmark the login page inadvertently).
This happens in two scenarios:
1) The user is already logged in.
2) The user is not logged in.
If you authenticate yourself once you have gone directly to the login page, you get an invalid direct reference error. Fair enough, the login page is trying to redirect to itself. Now, I tried to work around this by checking if the session is null, and if it is, redirecting to some protected page, e.g. protected/index.jsp. No luck. It seems that a session is implicitly created, and a new session id gets created.
So I've tried a cookie strategy:
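<%
    // No cookies at all: the login page was requested directly, so go to a
    // protected page and let the container start the login from there.
    if ( request.getCookies() == null ) {
        response.sendRedirect("//jsp/protected/index.jsp");
        return; // stop here so the response is not redirected twice
    }
    // Already authenticated: skip the login form.
    if ( request.getRemoteUser() != null ) {
        response.sendRedirect("/x/jsp/protected/index.jsp");
        return;
    }
%>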
i.e., we won't have a cookie if we've gone directly to the login page. But we will have one if we've tried to access a protected page and then been forwarded to a login page: Tomcat will give us a cookie.
Now if we're already logged in (which we check with getRemoteUser()), then we just forward the user to an index page.
This seems o.k. However, my index page actually includes my login page! I'm planning to get around this with some logic that only includes the login page excerpt if we are not logged in.
Ben
-----Original Message-----
From: Brian Kuhn [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 29, 2003 1:16 AM
To: [EMAIL PROTECTED]
Subject: invalid direct reference to form login page...
Hi all,
I've set up Tomcat (4.1.24) to do form based authentication. Everything works great, except I've had to deal with a lot of users that type in the url I've given them, get redirected to the login page, and bookmark the login page before logging in. Later, when they use the bookmark, they get sent to the login page, but get an "Invalid direct reference to form login page..." message once they log in.
I understand why this happens, but don't know what to do about it. Is there a way to specify a default page to go to when the login page is requested directly?
Thanks,
Brian Kuhn
Telscape Communications
Brian Kuhn
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]