2011/11/25 <uwe.hellm...@t-systems.com>: > > So what we have is a redirected response from a failed login process.
Is it FORM authentication, or some custom implemented login process? > As example we have an login mask and while tryinig to login we put the > username "Tester" in the username inputfield > send the form away and get a login error message and the following URL string: > http://mytestsystem/login.action?login_error=1&u=Tester > In the input field the value Tester is still set. > > This result is as expected, but from time to time we saw the following URL > string returned > http://mytestsystem/login.action?login_error=1&u=OtherUser although we sent > the form > with Tester as value away. But now in the input field it is also OtherUser > set. I think I would configure an AccessLogValve with "%{Location}o" in it. That should log what redirect URL is actually sent to the client in Location response header. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org