As Craig wrote below: > You should never reference the URL of the login page directly. Instead, > if you want to make them log back in, you should simply redirect them to > some page within the protected area (perhaps the main menu). The usual > login dialog will happen.
I am not referencing the URL of the login page directly. (At least I'm trying not to! :)) That is the problem. The direct reference is a byproduct of the user pressing the back button when the "regular" intervening pages have been erased from history using javascript. I still can't figure out a way around this... Any ideas are appreciated... Paul Phillips --On Tuesday, July 9, 2002 10:50 AM -0700 "Craig R. McClanahan" <[EMAIL PROTECTED]> wrote: > > > On Tue, 9 Jul 2002, Paul Phillips wrote: > >> Date: Tue, 09 Jul 2002 10:40:13 -0500 >> From: Paul Phillips <[EMAIL PROTECTED]> >> Reply-To: Tomcat Users List <[EMAIL PROTECTED]> >> To: Tomcat Users List <[EMAIL PROTECTED]> >> Subject: j_security_check and logout >> >> Hello, all -- >> >> I have a small application consisting of servlets and jsp pages. I use >> form based authentication via j_security_check to login. >> >> I have a strange problem know how to solve. >> >> I have implemented a simple logout procedure whereby the logout servlet >> invalidates the session, and then transfers to a final thanks.jsp page >> that just says "thanks..". So far, so good. However, I wanted to try >> and do something about the back button issue, so, on the main.jsp page >> that calls the logout, I wrote this bit of javascript: >> >> <a href="greeting?event=LOGOUT" >> onclick="javascript:window.location.replace(this.href); >> event.returnValue=false; ">logout</a> >> >> Ok, this seems to work fine. After logout, if the user is sitting on the >> thanks.jsp page, and presses the back button, it skips back to the >> initial login.jsp page (ignoring the main.jsp page that used to be in >> between. >> >> Good.. >> >> However! If I try and use the login.jsp page at that point, I get this >> error from tomcat: >> >> Apache Tomcat/4.0.3 - HTTP Status 400 - Invalid direct reference to form >> login page >> >> So, it seems at that point that the login page doesn't know where I want >> to go, and bombs. The place where I do want to go is >> greeting?event=WELCOME, but j_security_check has no way of knowing that, >> because it didn't come in throught the URL. Since we came back to >> login.jsp via the back button, it isn't there. >> >> Any ideas on how to solve this? >> > > You should never reference the URL of the login page directly. Instead, > if you want to make them log back in, you should simply redirect them to > some page within the protected area (perhaps the main menu). The usual > login dialog will happen. > > >> Thanks >> Paul Phillips >> > > Craig > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> For additional > commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
