Triple login needed with cookie disabled browser to access protected webapp?!

Mon, 21 Jan 2002 07:29:17 -0800 

I have a strange problem with Tomcat 4.0.1.

I am using FORM authentication for my webapp.
Every time a user tries to access my webapp, he must login 3 times to get the index 
page.

First login is needed for getting main context (--> "/cm")
Second login is needed for "/cm/"  (note / at the end)
And the last login is needed for "/cm/index.jsp"  --> welcome file...

When I access the page directly to /cm/index.jsp everything works fine.
But when I access the webapp without the "full path", the are more requests generated, 
each one with its own session ID...

This situation can only be seen in borwser with 100% ALL cookies blocked.
I am using response.encodeURL() method for URL rewriting everywhere in my WebApp...

What should be the solution?
Or is the only way to avoid this multiple login just using the full path for welcome 
file?
Or any other setting in web.xml (or server.xml)?
It is much nicer to access the webapp with http://server/app instead of 
http://server/app/index.jsp.
Don't you think so?

I have tried to set the correct <url-pattern>, but *.jsp does not seem to work for all 
jsp pages...
This pattern (according to my trials) works only as left pattern (= eee* would be the 
rule for all pages beginning with 'eee').
Is there any other mask character?

Here is a part from my access log file.

 - [21/Jan/2002:16:03:31 1000] "GET /cm HTTP/1.0" 302 647
 - [21/Jan/2002:16:03:35 1000] "GET /cm/login.jsp HTTP/1.0" 200 957
 - [21/Jan/2002:16:03:41 1000] "POST /cm/j_security_check HTTP/1.0" 302 647
 gabriel [21/Jan/2002:16:03:42 1000] "GET /cm HTTP/1.0" 302 647

 - [21/Jan/2002:16:03:44 1000] "GET /cm/ HTTP/1.0" 302 647
 - [21/Jan/2002:16:03:50 1000] "GET /cm/login.jsp HTTP/1.0" 200 957
 - [21/Jan/2002:16:03:55 1000] "POST /cm/j_security_check HTTP/1.0" 302 647
 gabriel [21/Jan/2002:16:03:56 1000] "GET /cm/ HTTP/1.0" 302 647

 - [21/Jan/2002:16:03:57 1000] "GET /cm/index.jsp HTTP/1.0" 302 647
 - [21/Jan/2002:16:03:59 1000] "GET /cm/login.jsp HTTP/1.0" 200 957
 - [21/Jan/2002:16:04:03 1000] "POST /cm/j_security_check HTTP/1.0" 302 647
 gabriel [21/Jan/2002:16:04:04 1000] "GET /cm/index.jsp HTTP/1.0" 200 762

Thanx for any advice.

Gabriel


--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

Reply via email to