You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2001/09/26 18:13:51 UTC

DO NOT REPLY [Bug 3839] New: - Problem bookmarking login page

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3839>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=3839

Problem bookmarking login page

           Summary: Problem bookmarking login page
           Product: Tomcat 4
           Version: 4.0 Final
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Webapps
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: paul.pacheco@wavecode.com


I have a web application that uses form based authentication.

if I go to a protected page for example:
http://myhost/myapp/index.html
then I get the authentication form:
http://myhost/myapp/login.jsp
I fill it up, and submit and I get authenticated and the page
http://myhost/myapp/index.html
is properly shown.


However, if instead of trying to go to a protected resource, I try to go 
directly to the login.jsp page, and that is pretty common since some people 
like to bookmark the login page, then this is what happens:

I go to the login page:
http://myhost/myapp/login.jsp

the login page gets displayed properly. but if I fill it up and submit, the 
browser gets redirected to this address:

http://myhost/myapp/null
and the following error is shown on the browser:
HTTP Status 404 - /null
The requested resource (/null) is not available. 

The behavior that I would like to see is that the default page for the web 
application be shown.

I think this is what is happening:
if I go to a protected resource the url gets saved somewhere in the session
then after I submit the login information, the server redirects the browers to 
the saved location.

But if I go directly to the login page, then there is no url that failed the 
security constraints, and nothing is saved. After I submit, it tries to go to 
whatever is saved (null in this case) and since there is no page named null an 
error is shown. What is needed is an extra check somewhere that says: if the 
saved location is null, then go to the default webapp page.