> It's kinda hard for them to bookmark the login page when they don't know
> the URL.
>
> Keep in mind that, as far as the browser is concerned, the URL in the
> location is still the page that was originally requested.  Therefore, a
> bookmark for the login form will actually be to the real page (which might
> again trigger authentication if they have exited and restarted before
> following the bookmark).

Right now I've got a web app set up with Tomcat 3.2.2 using form-based
authentication. When I request /WWAT2/user/welcome.jsp I get redirected to
/WWAT2/login.jsp, which I see in my address bar. Just for fun I bookmarked
it, logged in, and then I was redirected to /WWAT2/user/welcome.jsp (which
was my original request). I logged out, then went to my bookmarked
/WWAT2/login.jsp.

So it looks like I do see the login URL. (I have absolutely no links to the
/WWAT2/login.jsp anywhere)

So what you are saying is that if a user doesn't see the login URL and there
are no links to it in the web-app, the chances of them requesting JUST the
login page of a web-app are so few and far between that handling that
special case should just be ignored?

Is there something wrong with my Tomcat configuration? The form-based
authentication works like a dream except for showing me the URL of the
login page. The behaviour is fine.

-Mike

> And (at least for servlet 2.3, but Tomcat 4 doesn't do it right yet), the
> container is supposed to redirect to the originally requested page after
> authentication is completed.  The net effect of this is that the URL of
> the login page is never visible to the user, unless you have deliberately
> linked to it in your user interface.  That's one of the reasons such links
> should not exist.
>
> > > NOTE:  If you don't like the philosophy of form-based login, the
> > > appropriate forum is the feedback address for the servlet spec
> > > ([EMAIL PROTECTED]), because that is where the requirements
> > > for how Tomcat works are defined.
> > >
> > > Craig
> >
> > Thanks! I'll forward my suggestion on to them.
> > -Mike
> >
> >
>
> Craig
>
>
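
The two behaviours discussed in this thread (login form shown under the originally requested URL versus a visible redirect to the login page), as a simplified model added here for illustration; it is not Tomcat code and not from either poster. The class and function names, the `FALLBACK` page and the choice to fall back at all are assumptions of this model.

```python
# Simplified model of container-managed form login. Constructed for
# illustration; this is not Tomcat code.
LOGIN_PAGE = "/WWAT2/login.jsp"       # paths as quoted in the thread
PROTECTED = "/WWAT2/user/"
FALLBACK = "/WWAT2/index.jsp"         # hypothetical landing page (assumption)


class Container:
    def __init__(self, mode):
        self.mode = mode              # "forward" or "redirect"
        self.session = {}

    def get(self, url):
        """Return (address_bar_url, body) after any redirect is followed."""
        if url.startswith(PROTECTED) and "user" not in self.session:
            self.session["saved_request"] = url
            # forward: login form is served under the requested URL.
            # redirect: browser is sent to the login page's own URL.
            shown = url if self.mode == "forward" else LOGIN_PAGE
            return shown, "login form"
        if url == LOGIN_PAGE:
            return url, "login form"  # direct hit: no request was saved
        return url, "content"

    def login(self, user):
        """Successful POST to j_security_check; returns the redirect target."""
        self.session["user"] = user
        # With no saved request (login page opened from a bookmark) there is
        # no original URL to return to; this model falls back to FALLBACK.
        return self.session.pop("saved_request", FALLBACK)

    def logout(self):
        self.session.clear()


def replay_thread(mode):
    """Replay the message's steps: request, bookmark, login, logout, bookmark."""
    c = Container(mode)
    bookmark, _ = c.get("/WWAT2/user/welcome.jsp")
    first_target = c.login("mike")
    c.logout()
    shown, body = c.get(bookmark)     # follow the bookmark in a fresh session
    second_target = c.login("mike") if body == "login form" else shown
    return {"bookmark": bookmark, "first": first_target, "second": second_target}


if __name__ == "__main__":
    for mode in ("forward", "redirect"):
        print(mode, replay_thread(mode))
```

In forward mode the bookmark captures the protected page, so the saved-request path always applies; in redirect mode the bookmark captures the login page and the second login has no saved request to return to.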
