I have done this with TC 3.3, Apache 1.3.20 + mod_jk and my own form based authentication:
Pages: /login/login.vm <-- login page /login/error.vm <-- error page /login/index.vm <-- default index page If someone goes to /login/login.vm directly and gets authenticated, the page /login/index.vm gets displayed, which can then do whatever it wants (ie. redirect somewhere else, display error, content etc.) The pages I use are Velocity pages, but I don't think that JSP would be any different. Bojan Steve Downey wrote: > > "Train the user not to do that" is a cop out. If an application doesn't work > the way users expect, it's a problem with the application, not the user. > That's usability 101. > > If the user shouldn't bookmark the login page, they shouldn't ever be > exposed to the URI for the login page. That makes it impossible to bookmark. > The only URI that the user should see is the URI for the protected resource.
