Hi Adoni, No... you are not alone. I've been there too!
My half hearted solution was to simply display a message on the login page asking them not to bookmark it. I think the proper solution would be to allow developers to specify a 'default' url along with the login and error urls. This page could then be displayed instead of the error page when there is no saved target url. You will probably also come across another non-obvious problem to do with form-based security. When people use download accelerators like 'GetRight' etc these programs attempt to download a given url. Unfortunately if the item they are trying to download falls under your protected region Tomcat will present them with the login page instead of the resource they were after. This will happen even if you have successfully logged in because as far as Tomcat is concerned the request came from a new and as yet not logged in session. Regards, David Legg Web Analyst - 3Dlabs --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
