RE: Tomcat 6.0.24 requires me to log on twice

-Original Message- From: Terry Horner [mailto:t.hor...@dancerace.com] Sent: Friday, April 09, 2010 5:08 PM To: users@tomcat.apache.org Subject: RE: Tomcat 6.0.24 requires me to log on twice -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net

RE: Tomcat 6.0.24 requires me to log on twice

No, the logon page is very simple, without the navigation bar, so it doesn't link that page -Original Message- From: Pid * [mailto:p...@pidster.com] Sent: Friday, April 09, 2010 5:53 PM To: Tomcat Users List Subject: Re: Tomcat 6.0.24 requires me to log on twice Terry, does

RE: Tomcat 6.0.24 requires me to log on twice

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry, On 4/9/2010 12:14 PM, Terry Horner wrote: The problem seems to occur if there are any restricted resources within a page - it doesn't seems too outlandish for someone to restrict access to their images folder (say, it has client

RE: Tomcat 6.0.24 requires me to log on twice

-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, April 09, 2010 5:55 PM To: Tomcat Users List Subject: Re: Tomcat 6.0.24 requires me to log on twice -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry, On 4/9/2010 12:08 PM, Terry

Re: Tomcat 6.0.24 requires me to log on twice

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry, On 4/12/2010 8:05 AM, Terry Horner wrote: That would be illogical, but it's not what I'm doing - in our system (and in the hypothetical example) the restricted images are inside a restricted page. The bookmarks are to a restricted page,

Re: Tomcat 6.0.24 requires me to log on twice

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry, On 4/12/2010 9:23 AM, Terry Horner wrote: Looking at old logfiles from slightly older tomcat 6.0 versions this seems to be normal - this request in the last step in the request data page-get sent to logon page-send username and

RE: Tomcat 6.0.24 requires me to log on twice

-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, April 12, 2010 2:48 PM To: Tomcat Users List Subject: Re: Tomcat 6.0.24 requires me to log on twice -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry, On 4/12/2010 9:23 AM, Terry

RE: Tomcat 6.0.24 requires me to log on twice

-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, April 12, 2010 2:40 PM To: Tomcat Users List Subject: Re: Tomcat 6.0.24 requires me to log on twice -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry, On 4/12/2010 8:05 AM, Terry

Re: Tomcat 6.0.24 requires me to log on twice

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry, On 4/12/2010 11:38 AM, Terry Horner wrote: The webapp is one of two in a single sign-on environment, and listens on /. The other webapp is a simple one used to provide a client with a customised login page (they go to

Re: Tomcat 6.0.24 requires me to log on twice

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry, On 4/12/2010 11:23 AM, Terry Horner wrote: org.apache.catalina.valves.ExtendedAccessLogValve the definition is within the host, not the context. The log pattern string is now c-dns x-H(remoteUser) date time x-H(protocol) cs-method

Re: Tomcat 6.0.24 requires me to log on twice

On 08/04/2010 23:34, Christopher Schultz wrote: This happens on Tomcat 6.0.24 and 6.0.26, but not 6.0.20, which makes me think it is related to change 45255 (Provide protection against session fixation by changing session ID automatically on authentication.), in the dev environment tomcat is

RE: Tomcat 6.0.24 requires me to log on twice

Hi, thanks for the analysis -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, April 08, 2010 11:35 PM To: Tomcat Users List Subject: Re: Tomcat 6.0.24 requires me to log on twice -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry

RE: Tomcat 6.0.24 requires me to log on twice

-Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, April 09, 2010 8:06 AM To: Tomcat Users List Subject: Re: Tomcat 6.0.24 requires me to log on twice On 08/04/2010 23:34, Christopher Schultz wrote: This happens on Tomcat 6.0.24 and 6.0.26, but not 6.0.20

Re: Tomcat 6.0.24 requires me to log on twice

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry, On 4/9/2010 12:14 PM, Terry Horner wrote: The problem seems to occur if there are any restricted resources within a page - it doesn't seems too outlandish for someone to restrict access to their images folder (say, it has client logos in

Re: Tomcat 6.0.24 requires me to log on twice

Terry, does your login page reference the same script URL as the secured pages, by any chance? p On 9 April 2010 17:39, Christopher Schultz ch...@christopherschultz.netwrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry, On 4/9/2010 12:14 PM, Terry Horner wrote: The problem

Re: Tomcat 6.0.24 requires me to log on twice

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry, On 4/9/2010 12:08 PM, Terry Horner wrote: That was a javascript error in the onsubmit in the logon form (the onSubmit called a function to disable the button which both submitted the form an returned true. d'oh), now fixed. That's what I

Re: Tomcat 6.0.24 requires me to log on twice

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terry, On 4/8/2010 9:12 AM, Terry Horner wrote: I am having a problem with Tomcat - if I log on to a page which contains a restricted resource, it shows me the page (and any unrestricted images, etc), but doesn't show the restricted resource (I