scorpioy wrote:
Thanks for the reply. I think I'm not really accessing the login page. I just
have a copy of it and named it as login_auto.jsp. This page is not
registered in web.xml, and is not under any restricted path.
I just let servlet to forward to this page, then let javascript in this page
to do automatic form login for the user. Can I do that?
The question that comes to mind of course, is : if you send a login form
to the client, but you put javascript in it that fills in the userid and
password automatically, then why do you bother sending the form in the
first place ?
Maybe I am missing something here, but does that not sound a bit ..
insecure for instance ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
