Hello, all -- I have a small application consisting of servlets and jsp pages. I use form based authentication via j_security_check to login.
I have a strange problem know how to solve. I have implemented a simple logout procedure whereby the logout servlet invalidates the session, and then transfers to a final thanks.jsp page that just says "thanks..". So far, so good. However, I wanted to try and do something about the back button issue, so, on the main.jsp page that calls the logout, I wrote this bit of javascript: <a href="greeting?event=LOGOUT" onclick="javascript:window.location.replace(this.href); event.returnValue=false; ">logout</a> Ok, this seems to work fine. After logout, if the user is sitting on the thanks.jsp page, and presses the back button, it skips back to the initial login.jsp page (ignoring the main.jsp page that used to be in between. Good.. However! If I try and use the login.jsp page at that point, I get this error from tomcat: Apache Tomcat/4.0.3 - HTTP Status 400 - Invalid direct reference to form login page So, it seems at that point that the login page doesn't know where I want to go, and bombs. The place where I do want to go is greeting?event=WELCOME, but j_security_check has no way of knowing that, because it didn't come in throught the URL. Since we came back to login.jsp via the back button, it isn't there. Any ideas on how to solve this? Thanks Paul Phillips -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
