After I perform the log out I call a redirect function to a protected resource and that goes well.
Somewhere I found that I need to set this tag in mai login.html page: <META HTTP-EQUIV = "Pragma" CONTENT="no-cache"> <META HTTP-EQUIV = "Cache-control" CONTENT="no-cache"> And I did that and after I hit the logout button and perform another login it seem to work, but if I continue and log out and then again log in the problem occurs again! Thank you for your time! On Fri, Jun 4, 2010 at 12:11 PM, Pid <p...@pidster.com> wrote: > On 04/06/2010 01:19, Martin Gainty wrote: > > > > the reference is to URLEncoder class > > > > URLEncoder Utility class is used for HTML form encoding. This class > contains static methods for converting a String to the > application/x-www-form-urlencoded MIME format > > > > javadoc for encode methods of the URLEncoder are illustrated at > > > > http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html > > Not it's not, it's a reference to "response.encodeRedirectURL(path)" > > Instead of continuing to talk about this in the abstract, how about you > post some details of your configuration and the code you're using to > logout? > > Where is the login form, what URL is it? > > Which URL are you redirecting to after logout, and how are you doing that? > > etc > > > p > > > > ______________________________________________ > > Verzicht und Vertraulichkeitanmerkung > > > > Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene > Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte > Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht > dient lediglich dem Austausch von Informationen und entfaltet keine > rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von > E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. > > > > > > > >> Date: Fri, 4 Jun 2010 00:34:36 +0300 > >> Subject: Re: HTTP Status 400 - Invalid direct reference to form login > page! > >> From: george.pu...@gmail.com > >> To: users@tomcat.apache.org > >> > >> Hello Cris, > >> > >> *After you call session.invalidation(), what does your code do, > >> specifically? If you do a "forward" to a protected resource, strange > >> things may happen with cookie-passing.* > >> > >> After the session get's invalidate(on the server side) my code send back > a > >> request success to the UI and then the Ui redirect's my app to the > protected > >> resource. > >> > >> *Does your login form properly encode the session id into it's <form> > >> action? Does your logout code properly encode the session id into the > >> redirect URL? Have you enabled/disabled cookies in your web browser?* > >> > >> My cookies are enabled. But I don't know exactly if the login/logout > code > >> form properly encode the session id into it's <form>(how can I test > that?) > >> > >> > >> > >> Thank you very much!!!! > >> > >> > >> > >> On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz < > >> ch...@christopherschultz.net> wrote: > >> > > Gheorghe, > > > > On 6/3/2010 2:18 PM, Gheorghe Pucea wrote: > >>>>> By "when I get back to the login page" I mean that I log out from my > app > > and > >>>>> then I redirect my app to a restricted resource and when my login > page > >>>>> appears I type my User/pass and the error occurs. > >>>>> > >>>>> I want to add something, when I log out and after I redirect my app > to a > >>>>> protected resource the login page show's up if I hit the refresh > button > > on > >>>>> my browser and I type in my user/pass it works. > > > > After you call session.invalidation(), what does your code do, > > specifically? If you do a "forward" to a protected resource, strange > > things may happen with cookie-passing. > > > > Does your login form properly encode the session id into it's <form> > > action? Does your logout code properly encode the session id into the > > redirect URL? Have you enabled/disabled cookies in your web browser? > > > > -chris > >>> > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >>> > >>> > > > _________________________________________________________________ > > The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with > Hotmail. > > > http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5 > > >