Hi,
I have implemented this and on first sight it seems to work perfectly. Can
you please just confirm my understanding of it though so I am sure I know
what I am doing:
1. The error page part need never really come in to play.
2. A user calls the login page and it basically is using the session's isNew
method to decide whether this is a session just newly created from a
bookmark or a session that was in existence before the login page was
displayed as would be the case with one that had been created in whichever
page had called index.jsp.
Thanks,
Andoni.
----- Original Message -----
From: "Jon Wingfield" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Wednesday, November 19, 2003 2:54 PM
Subject: Re: j_security_check - Bookmarking the login page. A teaser!
> The bookmarking of the login page is a well known issue. However,
> without dumping CMS there seems to be little to do but resort to a few
> hacks ;(
>
> Our hack pt1:
> Add to the top of the login page a redirect to a sensible entry point
> for the app:
> <% if (request.getSession(false).isNew())
> response.sendRedirect("/index.jsp"); %>
>
> Our hack pt2:
> Add an error page that catches the 'illegal direct reference to login
> page' (or whatever it is). Use this error page to redirect to a sensible
> entry point to the app.
> eg:
> <% Object badUri =
request.getAttribute("javax.servlet.error.request_uri");
> Object errorCode =
> request.getAttribute("javax.servlet.error.status_code");
> if ("/j_security_check".equalsIgnoreCase(badUri.toString())
> && "400".equals(errorCode.toString())) {
> response.sendRedirect("/index.jsp");
> return;
> }
> %>
>
> Pt 2 also catches things like a user sitting on the login page until the
> session times out.
>
> HTH,
>
> Jon
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
