You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2001/09/26 18:13:51 UTC
DO NOT REPLY [Bug 3839] New: -
Problem bookmarking login page
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3839>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3839
Problem bookmarking login page
Summary: Problem bookmarking login page
Product: Tomcat 4
Version: 4.0 Final
Platform: PC
OS/Version: Linux
Status: NEW
Severity: Major
Priority: Other
Component: Webapps
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: paul.pacheco@wavecode.com
I have a web application that uses form based authentication.
if I go to a protected page for example:
http://myhost/myapp/index.html
then I get the authentication form:
http://myhost/myapp/login.jsp
I fill it up, and submit and I get authenticated and the page
http://myhost/myapp/index.html
is properly shown.
However, if instead of trying to go to a protected resource, I try to go
directly to the login.jsp page, and that is pretty common since some people
like to bookmark the login page, then this is what happens:
I go to the login page:
http://myhost/myapp/login.jsp
the login page gets displayed properly. but if I fill it up and submit, the
browser gets redirected to this address:
http://myhost/myapp/null
and the following error is shown on the browser:
HTTP Status 404 - /null
The requested resource (/null) is not available.
The behavior that I would like to see is that the default page for the web
application be shown.
I think this is what is happening:
if I go to a protected resource the url gets saved somewhere in the session
then after I submit the login information, the server redirects the browers to
the saved location.
But if I go directly to the login page, then there is no url that failed the
security constraints, and nothing is saved. After I submit, it tries to go to
whatever is saved (null in this case) and since there is no page named null an
error is shown. What is needed is an extra check somewhere that says: if the
saved location is null, then go to the default webapp page.