On Mon, 20 May 2002, Pete Serafin wrote:
> Date: Mon, 20 May 2002 13:36:05 -0500
> From: Pete Serafin <[EMAIL PROTECTED]>
> Reply-To: Struts Users Mailing List <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: Form based security problem
>
> I am implementing the form based security for an application on Tomcat
> 4.0.3. It mostly works fine except for the small problem on the initial
> log on, the browser is forwarded to
> /j_security_check instead of the index page with the following message:
>
> message: Invalid direct reference to form login page
>
>
> Upon going back and refreshing the login page, a successful log on and
> redirect to the index page occurs. Any ideas on how to prevent this
> behavior?
>
This is actually a Tomcat question, rather than a Struts one. But the
most likely explanation is that you (or your user) are trying to directly
navigate to the login page. You should not be doing that -- just point at
the page you ultimately want to go to (just like you would if BASIC
authentication was being used), and Tomcat will display the login page if
you are not logged on already.
>
>
> Pete Serafin
>
Craig
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
