On 24/12/2009 16:32, scorpioy wrote: > The problem for me is the normal login page will have a jsessionid > automatically. But my copy of login page does not. Then the page hits the > problem of 'Invalid direct reference to form login page'. So I guess I just > need create a jsessionid manually, then it's fine to do the login > automatically.
Nope. Tomcat won't let any user access the login page directly under any circumstances. If I recall, SecurityFilter [1] has a feature that lets you do this. Mark [1] http://securityfilter.sourceforge.net/ --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
