I'm using form based authentication as follows:
<h2 style = "text-align: left"><a name = "login">Login</a></h2>
<form method = "POST" action='<%=
response.encodeURL("j_security_check") %>'>
<table border="0">
<tr>
<td align = "right">Name:</td>
<td align = "left"><input type="text"
name="j_username"></td>
</tr>
<tr>
<td align = "right">Password:</td>
<td align = "left"><input type="password"
name="j_password"></td>
</tr>
<tr>
<td align = "right"><input class = "button"
type="submit" value="Log in"></td>
<td align = "left"><input class = "button"
type="reset" value = "Clear"></td>
</tr>
</table>
</form>
And the code in web.xml is as follows:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/protected/login.jsp</form-login-page>
<form-error-page>/jsp/security/protected/error.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>ADMIN</role-name>
</security-role>
I also have MD5 digest specified in context.xml.
-----Original Message-----
From: André Warnier [mailto:[email protected]]
Sent: 12 Oct 2011 22 19
To: Tomcat Users List
Subject: Re: Application not logging out properly
Martin O'Shea wrote:
> Hello
>
>
>
> I'm using Apache Tomcat 6.0.26 for an application where the majority
> of the content is hidden behind a page requiring authenticated login.
> This appears to work fine but upon logout, I find I am able to browse
> back through some of the pages visited in the session.
>
What authentication type (scheme) are you using ?
HTTP Basic, form-based, .. ?
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
