Hello, I made a very basic web app with a form logon and JBoss 4.0.1RC2. I did not refer the login.jsp but things are working normal asking e.g. the index.jsp. I get my login.jsp and :-) without j_security_check in the url. When I have a successful logon my secured index.jsp comes up and I do not have the login.jsp in my history via the back button. I think something changed after 3.2.x ???. (You can even bookmark the login page because the original url doesn't change)
But when I mistype my password or username the error page specified in the <form-error-page> tag comes up. And now the j_security_check comes up in the url. Then I go back to the logon page via the back button. Then after a successful logon a have a non existing page in the history of the back or forwar button of the browser. It also happens if you specify the login.jsp in the <form-error-page> tag. The first part is very nice but I'm asking myself if the behaviour of the <form-error-page> is normal to display the j_security_check in the url of the addressbar? Should this also work without displaying j_security_check in the url? Johan. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3860193#3860193 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3860193 ------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user