You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2001/12/14 00:47:51 UTC

DO NOT REPLY [Bug 5422] New: - HTTP Headers not being cleared after form authentication

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5422>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=5422

HTTP Headers not being cleared after form authentication

           Summary: HTTP Headers not being cleared after form authentication
           Product: Tomcat 4
           Version: 4.0.1 Final
          Platform: All
               URL: http://members.optushome.com.au/bwalding/tomcat/header.z
                    ip
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: ben@walding.com


When using FORM authentication (for realm), it appears that HTTP headers are 
not being reset as the page is redirected to target page (after authentication).

Process (tested against stock 4.0.1 tomcat install)
1. Create new webapp (eg header)
2. Unpack zip file listed in URL to webapp
http://members.optushome.com.au/bwalding/tomcat/header.zip
3. Go to http://localhost:8080/header/HeaderServlet (or appropriate spot if you 
aren't running against localhost)
4. You should be redirected to the login.html page (user/pass = tomcat/tomcat  
(default memory realm))
5. After that you should go to header display page.  Note the duplicates?
If you invalidate the session and re-enter the page, you will see the session 
id's are different.

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>