On Tue, 9 Jul 2002, Paul Phillips wrote:

> Date: Tue, 09 Jul 2002 10:40:13 -0500
> From: Paul Phillips <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: Tomcat Users List <[EMAIL PROTECTED]>
> Subject: j_security_check and logout
>
> Hello, all --
>
> I have a small application consisting of servlets and jsp pages.  I use
> form based authentication via j_security_check to login.
>
> I have a strange problem I don't know how to solve.
>
> I have implemented a simple logout procedure whereby the logout servlet
> invalidates the session, and then transfers to a final thanks.jsp page that
> just says "thanks..".   So far, so good.  However, I wanted to try and do
> something about the back button issue, so, on the main.jsp page that calls
> the logout, I wrote this bit of javascript:
>
> <a href="greeting?event=LOGOUT"
> onclick="javascript:window.location.replace(this.href);
> event.returnValue=false; ">logout</a>
>
> Ok, this seems to work fine.  After logout, if the user is sitting on the
> thanks.jsp page, and presses the back button, it skips back to the initial
> login.jsp page (ignoring the main.jsp page that used to be in between).
>
> Good..
>
> However!  If I try and use the login.jsp page at that point, I get this
> error from tomcat:
>
> Apache Tomcat/4.0.3 - HTTP Status 400 - Invalid direct reference to form
> login page
>
> So, it seems at that point that the login page doesn't know where I want to
> go, and bombs.  The place where I do want to go is greeting?event=WELCOME,
> but j_security_check has no way of knowing that, because it didn't come in
> through the URL.  Since we came back to login.jsp via the back button, it
> isn't there.
>
> Any ideas on how to solve this?
>

You should never reference the URL of the login page directly.  Instead,
if you want to make them log back in, you should simply redirect them to
some page within the protected area (perhaps the main menu).  The usual
login dialog will happen.


> Thanks
> Paul Phillips
>

Craig
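
The approach described in the reply above, as an added example that is not part of the original thread or of Tomcat itself. The class name LogoutServlet and its URL mapping are hypothetical, and the code assumes greeting?event=WELCOME (the target named in the question) is covered by a security-constraint in web.xml.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical logout servlet (added example). Uses the javax.servlet API
// that Tomcat 4.x ships; map it to a logout URL of your choosing in web.xml.
public class LogoutServlet extends HttpServlet {

    // Assumption: this path sits inside the protected area, so the
    // container, not the application, decides when to show the login form.
    private static final String PROTECTED_ENTRY = "/greeting?event=WELCOME";

    protected void doGet(HttpServletRequest request,
                         HttpServletResponse response)
            throws ServletException, IOException {

        // getSession(false): do not create a session just to destroy it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Drops the authenticated principal along with all session state.
            session.invalidate();
        }

        // Send the browser to a protected resource, never to login.jsp.
        // With no authenticated session, the container saves this request,
        // serves the form login page itself, and j_security_check then has
        // a saved request to return to. Loading login.jsp directly skips
        // that step, which is what produces the HTTP 400
        // "Invalid direct reference to form login page" error.
        response.sendRedirect(request.getContextPath() + PROTECTED_ENTRY);
    }
}
```

If the application keeps a public thanks.jsp page after logout, the same rule applies to any "log in again" link on it: point the link at the protected URL rather than at login.jsp.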

