I asked this a month ago on this list, but I didn't get a reply. --------------------------------------- If I have my web application configured with form-based auth, I can try to go to this URL (say):
http://localhost/myapp and if I haven't logged in, it will send me to the login page. If I then enter the correct userid and password and click submit, it will send me to the page that the original URL would have sent me to. I have this working. However, even though it brought up the correct page, the URL field in the browser says this: http://localhost/mypapp/login/j_security_check I would think it would be better if it just said the original URL. Should I care about this? Is there anything practical I can do about this? Should I have a filter check for new sessions and immediately do a "redirect" to the application home page (which would force a single entry point)? Note that I'm not certain yet whether I want to allow any entry point into the application, or restrict them to a single entry point. I would guess that if I restricted it to a single entry point, I could have an intermediate page just do a redirect to the real entry point. If it matters, I'm using OC4J 9.0.2 as my application server, on Win2k. ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
