The problem is in the error message: Invalid direct reference to form login page
In brief: With container-based auth, when a user attempts to access a
protected resource, the container will 'remember' which resource they
tried to access, and send them off to the form login page, specified in
web.xml. If they successfully authenticate, then the container will
then send them off to the original resource.
That makes since.
If you go directly to login.jsp... where are you supposed to go after ?index.jsp?
Does the container auth create/use a session?
If not then, is there anyway to sync up the container auth with the session time-out?
Is there anyway to invalidate the current JDBCRealm login?
-- ******************************************* * Rick Roberts * * Advanced Information Technologies, Inc. * *******************************************
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
