One problem that Tomcat web apps have is that the login page remains in the browser history and if the user navigates to one of these and tries to use it, they get a rather incomprehensible result.
In Tomcat 3.x we had a good solution (the only one I have been able to find anywhere) which depends upon setting a parameter to indicate that the page has been used (this is used by JavaScript) to write "Page invalidated" or whatever you want). Unfortunately Tomcat 4.x seems to clear all the parameters. I suppose there may be some good security reason for clearing the username and password, but can't it leave other parameters alone? Thanks, Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
