In my case, it's ok that the login at least displays once in the frame setting, but then if the user fails to enter the right credentials, then the subsequent login form will appear at the top level.
Thanks for the help in understanding this, Session > Session A Mwamufiya wrote: >> Thanks Dale, I actually fixed it by setting a target attribute in the >> form on my login page, so that it always puts the resulting page at the >> top level. > > That may serve your purposes (only you know your requirements), but it > seems to be addressing a different problem. > > Adding 'frame="_top"' to the login form ensures that the result of the > login is displayed as the the entire frameset, but neither is the login > form itself displayed there, nor is the page resulting from that login > necessarily a full frameset... > > If a browser sits idle longer than the timeout, and a single frame is > fetched, the result may be a login form, but that form will still be > displayed in the frame. > > If you're using something like acegi, once the login succeeds, it is > possible that the restricted action that resulted in the display of the > login form then gets executed. In this case the results that you are now > displaying as _top might really be only the contents of a single frame. > > -Dale > > --------------------------------------------------------------------- To > unsubscribe, e-mail: [EMAIL PROTECTED] For additional > commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]