I have a servlet that's exhibiting strange behavior. (Actually, some of the things I've got it doing are a bit unconventional anyway as far as I can tell. I'm rewriting an ASP application...) I'm running on an NT 4.0 machine with Apache 1.3.9 and JServ 1.0.

Background: Our servlet, called 'login', handles logging users into our web application. When the user first requests the login servlet it sends the user a page whose goal is to determine whether or not the user has cookies and/or JavaScript enabled. (Both of these are essential to the correct functioning of the application, so if they are disabled in the user's browser we don't want him to even try logging in.) The user never really sees this test page. It consists of a form (action='login', method='POST') with a single hidden input, a <SCRIPT> and a <NOSCRIPT> section. If the user has JavaScript enabled, the <SCRIPT> section contains JavaScript which automatically submits the form, causing the 'login' servlet to be requested by the browser a second time. If JavaScript is disabled, the <NOSCRIPT> section prints an error telling the user to activate JavaScript in his browser.

So every time a user wants to log into our system, the 'login' servlet is run twice: first to send the user a test page, then a second time when the JavaScript submits the test page form. The login servlet looks to see if the request object contains the hidden input value from the form; if so, it knows that the user must have JavaScript enabled. Also, if the request object contains the hidden input value, it calls the session object's isNew() method. It *assumes* that if isNew() returns true, the user must have cookies disabled. If it returns false, the login servlet presents the user with a form containing user name and password fields. The user can then type his name and password, submit the form (method='POST', action='login') and the login servlet is called yet a third time to validate the user's name and password.

All this worked fine when using the servlet runner. I configured my web browser (Netscape) to prompt me for confirmation whenever a server sends me a cookie, and with servletrunner I got what I expected. However, with JServ I get two session cookies sent to the browser by the login server during this whole sequence.

***** So, my first question is: Why are two session cookies being sent to the browser?

Once the login servlet authenticates the user's password it redirects the user to another page. Also, if the user accesses the login servlet anytime after he's already been authenticated, the login servlet redirects him to another page.

***** So my second problem is this: Once the login servlet has redirected the user to another page, how do I prevent the user from hitting the 'Back' button on his browser and seeing the login form again? I've tried setting the HTTP 'Expires' header with limited success. I'd like the login servlet to be run if the user hits the 'Back' button. When I set the 'Expires' header, sometimes I get a page indicating that the requested page has expired, sometimes it actually causes the login servlet to be run/requested as I want.

Any help would be appreciated.

Thanks in advance,
Bruce
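
The three-request flow described in the post, as an added sketch that is not the poster's code: it marks where the session (and so the session cookie) is created and where isNew() is consulted. The class name, the parameter names "probe", "user" and "password", the "/home" redirect target and the abstract authenticate() hook are assumptions, and it uses the Servlet 2.2+ setAttribute/getAttribute session calls.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added sketch, not the poster's code. Class name, parameter names
// ("probe", "user", "password") and the "/home" target are assumptions.
public abstract class LoginFlowSketch extends HttpServlet {

    // Application-specific credential check, supplied by a subclass.
    protected abstract boolean authenticate(String user, String password);

    protected void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        doPost(req, res);
    }

    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
        // Creates a session, and so a session cookie, when the request has none.
        HttpSession session = req.getSession(true);
        String user = req.getParameter("user");

        // Third request: credentials posted from the login form.
        if (user != null && authenticate(user, req.getParameter("password"))) {
            session.setAttribute("user", user);
        }
        // Already authenticated (just now or earlier): leave the login servlet.
        if (session.getAttribute("user") != null) {
            res.sendRedirect("/home");
            return;
        }
        res.setContentType("text/html");
        PrintWriter out = res.getWriter();
        if (req.getParameter("probe") == null && user == null) {
            // First request: page that resubmits itself only if JavaScript runs.
            out.println("<form name='t' action='login' method='POST'>"
                + "<input type='hidden' name='probe' value='1'></form>"
                + "<script>document.t.submit();</script>"
                + "<noscript>Please enable JavaScript.</noscript>");
        } else if (session.isNew()) {
            // The session cookie set on the first response did not come back.
            out.println("Please enable cookies.");
        } else {
            // Login form; a failed attempt lands here again.
            out.println("<form action='login' method='POST'>"
                + "<input name='user'> <input type='password' name='password'>"
                + "<input type='submit' value='Log in'></form>");
        }
    }
}
```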
