Posted to users@tomcat.apache.org by gautam <ga...@applabs.net> on 2002/12/09 07:37:29 UTC

A solution idea for "Invalid Direct Reference..." + Comments please

Hello Folks,

I have to find a solution to the "Invalid direct reference..." problem when
using FORM based authentication with Tomcat (4.0.6). I cannot stop users
from bookmarking the login page and hence must find another solution. What I
have done is :

In my logon.jsp (my form-login-page), I have added some code to check for
the following :

1. request.getRequestedSessionId() is not null and
2. There is no cookie named "JSESSIONID".

If these two conditions are met, then I do a response.sendRedirect(
"PROTECTED RESOURCE" ) ;. As a result of this, Tomcat has a valid resource
to go to after the authentication and hence I avoid the "Invalid direct
ref.." problem. If the conditions are not met then I let the JSP display as
usual.

Now my question is; Does this make sense ? Am I overlooking something here ?
What are the implications of doing something like this ?

Regards,

Gautam Satpathy
Manager - Technical Services
AppLabs Technologies
Hyderabad - India
(work) 91-40-6628222
(home) 91-40-23751611


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: A solution idea for "Invalid Direct Reference..." + Comments please

Posted by gautam <ga...@applabs.net>.
Oops. Made a typo.

1. request.getRequestedSessionId() is *NULL* and
2. There is *NO* cookie named "JSESSIONID".

Regards,

Gautam Satpathy

----- Original Message -----
From: "gautam" <ga...@applabs.net>
To: <to...@jakarta.apache.org>
Sent: Monday, December 09, 2002 12:07 PM
Subject: A solution idea for "Invalid Direct Reference..." + Comments please


> Hello Folks,
>
> I have to find a solution to the "Invalid direct reference..." problem when
> using FORM based authentication with Tomcat (4.0.6). I cannot stop users
> from bookmarking the login page and hence must find another solution. What I
> have done is :
>
> In my logon.jsp (my form-login-page), I have added some code to check for
> the following :
>
> 1. request.getRequestedSessionId() is not null and
> 2. There is no cookie named "JSESSIONID".
>
> If these two conditions are met, then I do a response.sendRedirect(
> "PROTECTED RESOURCE" ) ;. As a result of this, Tomcat has a valid resource
> to go to after the authentication and hence I avoid the "Invalid direct
> ref.." problem. If the conditions are not met then I let the JSP display as
> usual.
>
> Now my question is; Does this make sense ? Am I overlooking something here ?
> What are the implications of doing something like this ?
>
> Regards,
>
> Gautam Satpathy
> Manager - Technical Services
> AppLabs Technologies
> Hyderabad - India
> (work) 91-40-6628222
> (home) 91-40-23751611
>
>
> --
> To unsubscribe, e-mail: <ma...@jakarta.apache.org>
> For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>
>
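
The corrected check from the follow-up message, sketched as a helper that logon.jsp could call (an added example, not code from the thread). The package, class name and `PROTECTED_RESOURCE` path are assumptions; it compiles against the servlet API that the container provides.

```java
package com.example.auth; // hypothetical package

import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical helper for the form-login-page. After importing the class,
 * call it first thing in logon.jsp:
 *   <% if (LoginPageGuard.redirectIfDirectHit(request, response)) return; %>
 */
public final class LoginPageGuard {
    // Assumed path, relative to the context root, of a page covered by a
    // <security-constraint>. It is a fixed constant so the redirect target
    // never comes from request data.
    private static final String PROTECTED_RESOURCE = "/secure/index.jsp";

    private LoginPageGuard() {}

    /** True when the client presented no session id, in the URL or as a cookie. */
    static boolean isDirectHit(String requestedSessionId, Cookie[] cookies) {
        if (requestedSessionId != null) {
            // An id was presented. A stale id from an expired session also lands
            // here, because the check in the post tests presence, not validity.
            return false;
        }
        if (cookies != null) { // getCookies() returns null when no cookies were sent
            for (int i = 0; i < cookies.length; i++) {
                if ("JSESSIONID".equals(cookies[i].getName())) {
                    return false;
                }
            }
        }
        return true;
    }

    /** Sends the redirect and returns true when the login page was requested directly. */
    public static boolean redirectIfDirectHit(HttpServletRequest req, HttpServletResponse res)
            throws IOException {
        if (!isDirectHit(req.getRequestedSessionId(), req.getCookies())) {
            return false; // let the JSP render the login form as usual
        }
        // Create the session before redirecting so the follow-up request carries
        // an id (cookie, or ;jsessionid via encodeRedirectURL) and skips this branch.
        req.getSession(true);
        res.sendRedirect(res.encodeRedirectURL(req.getContextPath() + PROTECTED_RESOURCE));
        return true;
    }
}
```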

