Adam, I am in the same issue as you and haven't come out with any workaround yet...
However, in my site, the login form could be an html because I don't need to maintain a session until the user has logged-in. Do you really need to maintain a session, even when the user is just browsing static html files (before logging in)??? If the answer is no, then you could have an html login form. Jose On Sun, Sep 28, 2003 at 05:10:52PM +0200, Adam Hardy wrote: > I think I have a problem. > > I want form-based container-managed authentication on my app. > > I also want to allow cookies to be disabled. > > And I want to keep my JSPs under WEB-INF for security. > > It seems I cannot have these 3 combined, because disabling cookies means > I have to do URL rewriting in the login form action URL, therefore my > login form has to be a JSP and cannot be just plain .html . > > But while I do not want any JSPs outside of WEB-INF, I can't configure > my login form to be in WEB-INF. > > Is this true, or is there a work-around? > > Thanks > Adam > > > -- > struts 1.1 + tomcat 4.1.27 + java 1.4.2 > Linux 2.4.20 RH9 > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
