I have a web app which is built using JSF and tomcat 5. There is a login page for normal users, and a copy of login page that is forwarded from a servlet which is used by another set of users. This copy of login page contains javascript that automatically fill in user name and password and submit the form to j_security_check using a common user account.
Then I got an error like this: Invalid direct reference to form login page The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). I will not have this error if I manually go to the normal login page FIRST, because that will cause tomcat to create some cookie or session for me . Then when I use servlet to forward to the copy of login page, which does automatic login action, it will NOT have that error, because the cookie/session is created already. I noticed this difference, because if I just access servlet directly, then in the copy of login page, the url will have jsessionid=******** appended to it. If I do visit my web app normally first, then that jsessionid is not in the url. I did a little research online and found someone saying, its because users cannot login directly from login page. You first have to goto a restricted page other than the login page, and then the web-server will automatically redirect you to the login page and once you have valid login, the web-server will automatically redirect you back to the restricted page such as index.jsp. The problem for me is the normal login page will have a jsessionid automatically. But my copy of login page does not. Then the page hits the problem of 'Invalid direct reference to form login page'. So I guess I just need create a jsessionid manually, then it's fine to do the login automatically. How can I create a tomcat jsessionid manually? Thanks. -- View this message in context: http://old.nabble.com/problem-with-Invalid-direct-reference-to-form-login-page-tp26915415p26915415.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org