DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41531>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41531 Summary: By default container managed security doesn't rewrite form action Product: Tomcat 5 Version: 5.5.20 Platform: Other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Servlet & JSP API AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] The default container managed form per the servlet spec looks like this: .. .. <form action="j_security_check" method="post"> .. .. .. This URL is not rewritten by default so it actually needs to be: <form action='<%= response.encodeRedirectURL("j_security_check")%>' method='post'> otherwise, clients that do not accept cookies have their connection reset. I'd say this is not a bug in Tomcat per se, just a grey area but given that I found no documentation related to this on the web until I searched for it specifically, it might be a good idea to either fix it if easily fixable or at least document it in the Tomcat documentation. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]