When the login.jsp page is presented as part of the login process, there will be some standard request attributes containing the original requested page (I don't remember the names now, but you can find them in the servlet spec). They are used by the servlet container to redirect to the correct page once your login data is validated, and will be not present if you point to the page directly from the browser. You can check for the existence of these attributes, and if they are not present redirect to your webapp homepage. This way, the correct login steps will be followed.
HTH, Rodrigo Ruiz
Adam Hardy wrote:
On 12/08/2003 11:59 PM Chaikin, Yaakov Y (US SSA) wrote:
I realized that my user can mess himself by bookmarking the login page he is asked to log in. The login.jsp appears in the URL address in the browser...
Does anyone know how to avoid this? How do I block that URL for the user and not for the server?
Hi Yaakov,
I think the best way to deal with this situation is to configure tomcat to catch the error status 403 or whatever it is and then serve up an error page with a calm, logical explanation of why they shouldn't do that.
Or upgrade to tomcat 5.
Adam
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
