I think it has something to do with both. When I close the browser and try again, it works for the latter problem (logging in with a valid user after an invalid login). However, the first problem, logging in with an invalid role but valid user/pass, is still there. That is, the web should not send the access forbidden, or illegal access, but show the loginerror page. (I forgot to mention this is form type login.)

The cache problem may be due to the browser, but I think the new information does get submitted to the server. So the cache is not the username/password, but it's the session information. Again, if this is the case, then the server should use the username/password instead of the invalid session (which I suspect they store in the basic authen scheme, or cookies). So, the server should be able to solve this problem too.

This problem also shows up using the built-in (versus form-based) popup basic authen. When you log into a webapp using a valid user/pass/role, then change to another webapp on the server with a different user/pass/role, you get an error. This should be fixed by browsers (that is, to detect that you went to a different directory now). For the server, it may be able to address this too, but I don't know much about it.

On Fri, 6 Dec 2002, Bodycombe, Andrew wrote:

> This could be an issue with your browser.
> Maybe the page has been cached?
>
> Andy
>
> -----Original Message-----
> From: Vy Ho
> To: Tomcat Users List
> Sent: 06/12/2002 16:46
> Subject: Tomcat went unconcious :-)
>
> When a dog sneezes and the cat gets knocked down. The following case shows
> that simple things could knock an error out of tomcat (note that the cat
> does not die).
>
> Imagine authentication using memory or database. 2 users, 1 role for each.
> When you login with a valid user name/pass, but wrong role for the
> selected page, you won't see the invalid user/login, but you'll see an
> access error. Now, go back (clicking on the back button), and then login as
> a valid user/role, you'll see again the same message, although you should
> be able to get into the page without any problem. That's 2 knockouts
> right there.
>
> How could something this obvious, and sensity, and common slip into the
> cat?
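
The behaviour described in this thread, as an added example that is not part of the original messages: with the servlet specification's form login, `form-error-page` is shown only when the user name/password check fails, while a valid user who lacks the required role receives HTTP 403. The `web.xml` fragment below maps that 403 to a page of its own; the page names, URL pattern and role name are assumptions.

```xml
<!-- Added example: WEB-INF/web.xml fragment (Servlet 2.3 element order).
     All page names, the URL pattern and the role name are assumptions. -->
<web-app>
  <!-- Authenticated but not in the required role: the container answers 403.
       Map it to an application page instead of the default error output. -->
  <error-page>
    <error-code>403</error-code>
    <location>/forbidden.jsp</location>
  </error-page>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Reports area</web-resource-name>
      <url-pattern>/reports/*</url-pattern>
    </web-resource-collection>
    <!-- Only users holding this role may access the pattern above -->
    <auth-constraint>
      <role-name>reports</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <!-- Shown only when the user name/password check itself fails -->
      <form-error-page>/loginerror.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>reports</role-name>
  </security-role>
</web-app>
```

Tomcat keeps the authenticated user in the HTTP session, so the 403 page is a natural place to offer a link that invalidates the session before the user logs in under another account.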
