> -----Original Message----- > From: Karr, David [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, October 01, 2002 9:39 AM > To: [EMAIL PROTECTED] > Subject: With form-based auth, making ending URL not include > "j_security_c heck"?
> If I have my web application configured with form-based auth, > I can try to > go to this URL (say): > > http://localhost/myapp > > and if I haven't logged in, it will send me to the login > page. If I then > enter the correct userid and password and click submit, it > will send me to > the page that the original URL would have sent me to. I have > this working. > > However, even though it brought up the correct page, the URL > field in the > browser says this: > > http://localhost/mypapp/login/j_security_check > > I would think it would be better if it just said the original URL. > > Should I care about this? Is there anything practical I can > do about this? > Should I have a filter check for new sessions and immediately do a > "redirect" to the application home page (which would force a > single entry > point)? I'm still trying to determine what, if anything, I can do about this. I'm still pursuing this question with Oracle, but I haven't had much luck yet. Is there anything I can write in a Servlet filter that would detect this? I tried having a filter print out the request path for every request, and even though "j_security_check" showed up in the browser URL, my filter never saw that path. ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
