Opps. Made a typo. 1. request.getRequestedSessionId() is *NULL* and 2. There is *NO* cookie named "JSESSIONID".
Regards, Gautam Satpathy ----- Original Message ----- From: "gautam" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, December 09, 2002 12:07 PM Subject: A solution idea for "Invalid Direct Reference..." + Comments please > Hello Folks, > > I have to find a solution to the "Invalid direct reference..." problem when > using FORM based authentication with Tomcat (4.0.6). I cannot stop users > from bookmarking the login page and hence must find another solution. What I > have done is : > > In my logon.jsp (my form-login-page), I have added some code to check for > the following : > > 1. request.getRequestedSessionId() is not null and > 2. There is no cookie named "JSESSIONID". > > If these two conditions are met, then I do a response.sendRedirect( > "PROTECTED RESOURCE" ) ;. As a result of this, Tomcat has a valid resource > to go to after the authentication and hence I avoid the "Invalid direct > ref.." problem. If the conditions are not met then I let the JSP display as > usual. > > Now my question is; Does this make sence ? Am I overlooking something here ? > What are the implications of doing something like this ? > > Regards, > > Gautam Satpathy > Manager - Technical Services > AppLabs Technologies > Hyderabad - India > (work) 91-40-6628222 > (home) 91-40-23751611 > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>