Your problem has just recently been discussed on this list. Ben Jessel proposed a workaround which I attached below. Hopefully, this might work for you.
Stefan

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Friday, June 27, 2003 1:42 PM
> To: [EMAIL PROTECTED]
> Subject: Possible workaround for invalid direct reference to login page
>
>
> Java Authentication with tomcat relies on realms. If you access a page
> protected by that realm you get directed to the login page.
> However, it is possible to go directly to the login page (this can
> happen when users bookmark the login page inadvertently).
>
> This happens in two scenarios:
>
> 1) The user is already logged in.
> 2) The user is not logged in.
>
> If you authenticate yourself once you have gone directly to the login
> page, you get an "invalid direct reference" error. Fair enough, the
> login page is trying to redirect to itself. Now, I tried to work around
> this by checking if the session is null, and if it is, redirecting to
> some protected page, e.g. protected/index.jsp. No luck. It seems that a
> session is implicitly created, and a new session id gets created.
>
> So I've tried a cookie strategy:
>
> <%
>   // No cookies: the login page was requested directly.
>   if (request.getCookies() == null) {
>       response.sendRedirect("/xxxx/jsp/protected/index.jsp");
>       return; // stop here so the second redirect is never attempted
>   }
>   // Already logged in: skip the login form.
>   if (request.getRemoteUser() != null) {
>       response.sendRedirect("/xxxxx/jsp/protected/index.jsp");
>       return;
>   }
> %>
>
> i.e., we won't have a cookie if we've gone directly to the login page.
> But we will have if we've tried to access a protected page and then
> we've been forwarded to a login page, tomcat will give us a cookie.
>
> Now if we're already logged in (which we check with getRemoteUser()),
> then we just forward the user to an index page.
>
> This seems o.k. However my index page actually includes my login page!
> I'm planning to get around this with some logic that only includes the
> login page excerpt if we are not logged in......
>
> Ben
>
>
> -----Original Message-----
> From: Brian Kuhn [mailto:[EMAIL PROTECTED]
> Sent: Sunday, June 29, 2003 1:16 AM
> To: [EMAIL PROTECTED]
> Subject: invalid direct reference to form login page...
>
>
> Hi all,
>
> I've set up Tomcat (4.1.24) to do form based authentication.
> Everything works great, except I've had to deal with a lot of users
> that type in the url I've given them, get redirected to the login page,
> and bookmark the login page before logging in. Later, when they use the
> bookmark, they get sent to the login page, but get an "Invalid direct
> reference to form login page..." message once they log in.
>
> I understand why this happens, but don't know what to do about it. Is
> there a way to specify a default page to go to when the login page is
> requested directly?
>
> Thanks,
> Brian Kuhn
> Telscape Communications
>
> ====================
> Brian Kuhn
> [EMAIL PROTECTED]
> ====================
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]