Hello Folks, I have to find a solution to the "Invalid direct reference..." problem when using FORM based authentication with Tomcat (4.0.6). I cannot stop users from bookmarking the login page and hence must find another solution. What I have done is :
In my logon.jsp (my form-login-page), I have added some code to check for the following : 1. request.getRequestedSessionId() is not null and 2. There is no cookie named "JSESSIONID". If these two conditions are met, then I do a response.sendRedirect( "PROTECTED RESOURCE" ) ;. As a result of this, Tomcat has a valid resource to go to after the authentication and hence I avoid the "Invalid direct ref.." problem. If the conditions are not met then I let the JSP display as usual. Now my question is; Does this make sence ? Am I overlooking something here ? What are the implications of doing something like this ? Regards, Gautam Satpathy Manager - Technical Services AppLabs Technologies Hyderabad - India (work) 91-40-6628222 (home) 91-40-23751611 -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
