Hi:
I'm seeing strange behaviour when using a realm in Tomcat 7 (7.0.16)
with browser tabs.
My web app has some resources protected by a realm (with the
<security-constraint> tag in web.xml).
I'm using the FORM method in the <auth-method> tag, so I've got my own login page:
<html>
<form method='post' action='j_security_check'>
<input type='text' name='j_username'>
<input type='password' name='j_password'>
<input type='submit' name='send'>
</form>
</html>
Steps:
1) I open a tab in my browser and access a protected resource
http://localhost:8080/myapp/protected/file_one.properties
So the login page is shown
2) I open a new tab in the browser and access another protected resource
http://localhost:8080/myapp/protected/file_two.properties
So the login page is shown
3) Back to the first tab, and authenticate with a valid user. The resource
shown is file_two.properties (??)
4) Go to the second tab, and authenticate with the same valid user (or
another valid user) and an error happens
State HTTP 404 - /myapp/j_security_check
I know that the session is shared between tabs, but I think there are two
rare results:
- on step 3, a different resource than the one requested is returned.
- on step 4, a 404 error is returned.
If this is the right behaviour, how can I prevent a user from
performing these steps?
Thanks
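
A minimal model of the four steps above, added as an example and not part of the original message or Tomcat's own code. It assumes the container keeps a single saved-request slot per session and passes requests from an already-authenticated session straight to the application; the names `Session`, `handle` and `replay_tabs` and the credentials are constructed.

```python
# Simplified model (assumption, not Tomcat source): FORM login with ONE
# saved-request slot per session, shared by every tab using that session.
USERS = {"alice": "secret"}  # constructed sample credentials
ONE = "/myapp/protected/file_one.properties"
TWO = "/myapp/protected/file_two.properties"
CHECK = "/myapp/j_security_check"


class Session:
    def __init__(self):
        self.principal = None      # set once authentication succeeds
        self.saved_request = None  # single slot, overwritten by each challenge


def handle(session, method, path, form=None):
    """Return (status, body) for one request sent with the shared session cookie."""
    if session.principal is not None:
        # Assumed: an authenticated session skips the login logic, so a POST to
        # j_security_check reaches the application, which has nothing mapped there.
        return (200, path) if path in (ONE, TWO) else (404, path)
    if method == "POST" and path == CHECK:
        form = form or {}
        user = form.get("j_username")
        if user not in USERS or USERS[user] != form.get("j_password"):
            return (401, "login error")
        if session.saved_request is None:
            return (400, "no saved request")
        session.principal = user
        target, session.saved_request = session.saved_request, None
        return handle(session, "GET", target)  # follow the redirect to the saved URL
    # Unauthenticated request (every path in this model is protected):
    # remember it in the single slot and show the login form.
    session.saved_request = path
    return (200, "login page")


def replay_tabs():
    """Replay steps 1-4 with both tabs sharing one session."""
    s = Session()
    creds = {"j_username": "alice", "j_password": "secret"}
    return [
        handle(s, "GET", ONE),           # step 1, tab 1: login page
        handle(s, "GET", TWO),           # step 2, tab 2: overwrites the saved request
        handle(s, "POST", CHECK, creds), # step 3, tab 1: lands on file_two
        handle(s, "POST", CHECK, creds), # step 4, tab 2: already logged in
    ]


if __name__ == "__main__":
    for step, result in enumerate(replay_tabs(), start=1):
        print(step, result)
```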