You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Kevin Jones <ke...@develop.com> on 2001/07/24 23:58:42 UTC
Form based logon problems in T4B6
I can't get form based logon to work reliably in Beta6 (in fact I've had
problems for a while)
I have a webapp (called course) and a sub directory (gjava) which is
protected. I'm using form based logon with the username and password in
tomcat-users.xml.
i) If I try and access a resource in \course\gjava I get the logon page, if
I enter a valid username and password everything works.
ii) If I try and access a resource in \course\gjava I get the logon page, if
I enter an invalid username and password I get the logon page again - *not*
the error page.
iii) If I try and access a resource in \course\gjava I get the logon page,
if I enter a valid username and password everything works. But if I hit the
back button and then enter an invalid username/password I get redirected
here http://localhost/course/gjava/j_security_check and get a 404 error
iv) If I try and access a resource in \course\gjava I get the logon page, if
I enter an invalid username and password I get the logon page again - *not*
the error page. If I now enter the correct password I get the error page,
Kevin Jones
DevelopMentor
www.develop.com
RE: Form based logon problems in T4B6
Posted by Kevin Jones <ke...@develop.com>.
Thanks Craig,
> because the error page itself is inside the protected area
Ahh - a light's just come on - I see what you mean now.
I'm away from home right now - I'll be sure to try this as soon as I get
back
Kevin Jones
DevelopMentor
www.develop.com
> -----Original Message-----
> From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> Sent: 26 July 2001 23:59
> To: tomcat-dev@jakarta.apache.org
> Subject: RE: Form based logon problems in T4B6
>
>
> Yep, you'll definitely have a problem before nightly build 20010727,
> because the error page itself is inside the protected area. It should be
> fixed now.
>
> Craig
>
>
> On Thu, 26 Jul 2001, Kevin Jones wrote:
>
> > I've tried the latest nightly and I still get the same problem. I've
> > attached a webapp for you to try
> >
> > Could be I'm doing something stupid of course
> >
> > Kevin Jones
> > DevelopMentor
> > www.develop.com
> >
> > > -----Original Message-----
> > > From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> > > Sent: 26 July 2001 20:26
> > > To: tomcat-dev@jakarta.apache.org
> > > Subject: RE: Form based logon problems in T4B6
> > >
> > >
> > >
> > >
> > > On Wed, 25 Jul 2001, Craig R. McClanahan wrote:
> > >
> > > >
> > > >
> > > > On Wed, 25 Jul 2001, Kevin Jones wrote:
> > > >
> > > > > OK
> > > > >
> > > >
> > > > Hmm, without a reproducible test case, I don't know how to
> debug this,
> > > > because it works for me. Can you create a simple web
> application that
> > > > illustrates the problem, and add it to the bug report as an
> attachment.
> > > >
> > >
> > > I don't know for sure if it was the same as Kevin's problem, but I did
> > > just find a failure case -- if the error page was in the
> protected area,
> > > you'd get the same sort of symptoms. Just patched it, will
> be fixed in
> > > nightly build 20010727 (i.e. tonight).
> > >
> > > Craig
> > >
> > >
> > > > Craig
> > > >
> > > >
> > > > > Kevin Jones
> > > > > DevelopMentor
> > > > > www.develop.com
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> > > > > > Sent: 25 July 2001 00:10
> > > > > > To: Tomcat-Dev
> > > > > > Subject: Re: Form based logon problems in T4B6
> > > > > >
> > > > > >
> > > > > > Sounds like a bug introduced when the functionality was
> > > modified recently,
> > > > > > to do redirects instead of forwards. Could you do me a
> > > favor and file a
> > > > > > bug report so it gets tracked?
> > > > > >
> > > > > > Thanks,
> > > > > > Craig
> > > > > >
> > > > > >
> > > > > > On Tue, 24 Jul 2001, Kevin Jones wrote:
> > > > > >
> > > > > > > I can't get form based logon to work reliably in Beta6
> > > (in fact I've had
> > > > > > > problems for a while)
> > > > > > >
> > > > > > > I have a webapp (called course) and a sub directory
> > > (gjava) which is
> > > > > > > protected. I'm using form based logon with the username
> > > and password in
> > > > > > > tomcat-users.xml.
> > > > > > >
> > > > > > > i) If I try and access a resource in \course\gjava I get the
> > > > > > logon page, if
> > > > > > > I enter a valid username and password everything works.
> > > > > > >
> > > > > > > ii) If I try and access a resource in \course\gjava I get the
> > > > > > logon page, if
> > > > > > > I enter an invalid username and password I get the logon page
> > > > > > again - *not*
> > > > > > > the error page.
> > > > > > >
> > > > > > > iii) If I try and access a resource in \course\gjava I get the
> > > > > > logon page,
> > > > > > > if I enter a valid username and password everything works. But
> > > > > > if I hit the
> > > > > > > back button and then enter an invalid username/password I
> > > get redirected
> > > > > > > here http://localhost/course/gjava/j_security_check and
> > > get a 404 error
> > > > > > >
> > > > > > > iv) If I try and access a resource in \course\gjava I get the
> > > > > > logon page, if
> > > > > > > I enter an invalid username and password I get the logon page
> > > > > > again - *not*
> > > > > > > the error page. If I now enter the correct password I get the
> > > > > > error page,
> > > > > > >
> > > > > > > Kevin Jones
> > > > > > > DevelopMentor
> > > > > > > www.develop.com
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> >
>
RE: Form based logon problems in T4B6
Posted by "Craig R. McClanahan" <cr...@apache.org>.
Yep, you'll definitely have a problem before nightly build 20010727,
because the error page itself is inside the protected area. It should be
fixed now.
Craig
On Thu, 26 Jul 2001, Kevin Jones wrote:
> I've tried the latest nightly and I still get the same problem. I've
> attached a webapp for you to try.
>
> Could be I'm doing something stupid of course
>
> Kevin Jones
> DevelopMentor
> www.develop.com
>
> > -----Original Message-----
> > From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> > Sent: 26 July 2001 20:26
> > To: tomcat-dev@jakarta.apache.org
> > Subject: RE: Form based logon problems in T4B6
> >
> >
> >
> >
> > On Wed, 25 Jul 2001, Craig R. McClanahan wrote:
> >
> > >
> > >
> > > On Wed, 25 Jul 2001, Kevin Jones wrote:
> > >
> > > > OK
> > > >
> > >
> > > Hmm, without a reproducible test case, I don't know how to debug this,
> > > because it works for me. Can you create a simple web application that
> > > illustrates the problem, and add it to the bug report as an attachment.
> > >
> >
> > I don't know for sure if it was the same as Kevin's problem, but I did
> > just find a failure case -- if the error page was in the protected area,
> > you'd get the same sort of symptoms. Just patched it, will be fixed in
> > nightly build 20010727 (i.e. tonight).
> >
> > Craig
> >
> >
> > > Craig
> > >
> > >
> > > > Kevin Jones
> > > > DevelopMentor
> > > > www.develop.com
> > > >
> > > > > -----Original Message-----
> > > > > From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> > > > > Sent: 25 July 2001 00:10
> > > > > To: Tomcat-Dev
> > > > > Subject: Re: Form based logon problems in T4B6
> > > > >
> > > > >
> > > > > Sounds like a bug introduced when the functionality was
> > modified recently,
> > > > > to do redirects instead of forwards. Could you do me a
> > favor and file a
> > > > > bug report so it gets tracked?
> > > > >
> > > > > Thanks,
> > > > > Craig
> > > > >
> > > > >
> > > > > On Tue, 24 Jul 2001, Kevin Jones wrote:
> > > > >
> > > > > > I can't get form based logon to work reliably in Beta6
> > (in fact I've had
> > > > > > problems for a while)
> > > > > >
> > > > > > I have a webapp (called course) and a sub directory
> > (gjava) which is
> > > > > > protected. I'm using form based logon with the username
> > and password in
> > > > > > tomcat-users.xml.
> > > > > >
> > > > > > i) If I try and access a resource in \course\gjava I get the
> > > > > logon page, if
> > > > > > I enter a valid username and password everything works.
> > > > > >
> > > > > > ii) If I try and access a resource in \course\gjava I get the
> > > > > logon page, if
> > > > > > I enter an invalid username and password I get the logon page
> > > > > again - *not*
> > > > > > the error page.
> > > > > >
> > > > > > iii) If I try and access a resource in \course\gjava I get the
> > > > > logon page,
> > > > > > if I enter a valid username and password everything works. But
> > > > > if I hit the
> > > > > > back button and then enter an invalid username/password I
> > get redirected
> > > > > > here http://localhost/course/gjava/j_security_check and
> > get a 404 error
> > > > > >
> > > > > > iv) If I try and access a resource in \course\gjava I get the
> > > > > logon page, if
> > > > > > I enter an invalid username and password I get the logon page
> > > > > again - *not*
> > > > > > the error page. If I now enter the correct password I get the
> > > > > error page,
> > > > > >
> > > > > > Kevin Jones
> > > > > > DevelopMentor
> > > > > > www.develop.com
> > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
RE: Form based logon problems in T4B6
Posted by Kevin Jones <ke...@develop.com>.
I've tried the latest nightly and I still get the same problem. I've
attached a webapp for you to try.
Could be I'm doing something stupid of course
Kevin Jones
DevelopMentor
www.develop.com
> -----Original Message-----
> From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> Sent: 26 July 2001 20:26
> To: tomcat-dev@jakarta.apache.org
> Subject: RE: Form based logon problems in T4B6
>
>
>
>
> On Wed, 25 Jul 2001, Craig R. McClanahan wrote:
>
> >
> >
> > On Wed, 25 Jul 2001, Kevin Jones wrote:
> >
> > > OK
> > >
> >
> > Hmm, without a reproducible test case, I don't know how to debug this,
> > because it works for me. Can you create a simple web application that
> > illustrates the problem, and add it to the bug report as an attachment.
> >
>
> I don't know for sure if it was the same as Kevin's problem, but I did
> just find a failure case -- if the error page was in the protected area,
> you'd get the same sort of symptoms. Just patched it, will be fixed in
> nightly build 20010727 (i.e. tonight).
>
> Craig
>
>
> > Craig
> >
> >
> > > Kevin Jones
> > > DevelopMentor
> > > www.develop.com
> > >
> > > > -----Original Message-----
> > > > From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> > > > Sent: 25 July 2001 00:10
> > > > To: Tomcat-Dev
> > > > Subject: Re: Form based logon problems in T4B6
> > > >
> > > >
> > > > Sounds like a bug introduced when the functionality was
> modified recently,
> > > > to do redirects instead of forwards. Could you do me a
> favor and file a
> > > > bug report so it gets tracked?
> > > >
> > > > Thanks,
> > > > Craig
> > > >
> > > >
> > > > On Tue, 24 Jul 2001, Kevin Jones wrote:
> > > >
> > > > > I can't get form based logon to work reliably in Beta6
> (in fact I've had
> > > > > problems for a while)
> > > > >
> > > > > I have a webapp (called course) and a sub directory
> (gjava) which is
> > > > > protected. I'm using form based logon with the username
> and password in
> > > > > tomcat-users.xml.
> > > > >
> > > > > i) If I try and access a resource in \course\gjava I get the
> > > > logon page, if
> > > > > I enter a valid username and password everything works.
> > > > >
> > > > > ii) If I try and access a resource in \course\gjava I get the
> > > > logon page, if
> > > > > I enter an invalid username and password I get the logon page
> > > > again - *not*
> > > > > the error page.
> > > > >
> > > > > iii) If I try and access a resource in \course\gjava I get the
> > > > logon page,
> > > > > if I enter a valid username and password everything works. But
> > > > if I hit the
> > > > > back button and then enter an invalid username/password I
> get redirected
> > > > > here http://localhost/course/gjava/j_security_check and
> get a 404 error
> > > > >
> > > > > iv) If I try and access a resource in \course\gjava I get the
> > > > logon page, if
> > > > > I enter an invalid username and password I get the logon page
> > > > again - *not*
> > > > > the error page. If I now enter the correct password I get the
> > > > error page,
> > > > >
> > > > > Kevin Jones
> > > > > DevelopMentor
> > > > > www.develop.com
> > > > >
> > > > >
> > > >
> > >
> > >
> >
> >
>
RE: Form based logon problems in T4B6
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Wed, 25 Jul 2001, Craig R. McClanahan wrote:
>
>
> On Wed, 25 Jul 2001, Kevin Jones wrote:
>
> > OK
> >
>
> Hmm, without a reproducible test case, I don't know how to debug this,
> because it works for me. Can you create a simple web application that
> illustrates the problem, and add it to the bug report as an attachment.
>
I don't know for sure if it was the same as Kevin's problem, but I did
just find a failure case -- if the error page was in the protected area,
you'd get the same sort of symptoms. Just patched it, will be fixed in
nightly build 20010727 (i.e. tonight).
Craig
> Craig
>
>
> > Kevin Jones
> > DevelopMentor
> > www.develop.com
> >
> > > -----Original Message-----
> > > From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> > > Sent: 25 July 2001 00:10
> > > To: Tomcat-Dev
> > > Subject: Re: Form based logon problems in T4B6
> > >
> > >
> > > Sounds like a bug introduced when the functionality was modified recently,
> > > to do redirects instead of forwards. Could you do me a favor and file a
> > > bug report so it gets tracked?
> > >
> > > Thanks,
> > > Craig
> > >
> > >
> > > On Tue, 24 Jul 2001, Kevin Jones wrote:
> > >
> > > > I can't get form based logon to work reliably in Beta6 (in fact I've had
> > > > problems for a while)
> > > >
> > > > I have a webapp (called course) and a sub directory (gjava) which is
> > > > protected. I'm using form based logon with the username and password in
> > > > tomcat-users.xml.
> > > >
> > > > i) If I try and access a resource in \course\gjava I get the
> > > logon page, if
> > > > I enter a valid username and password everything works.
> > > >
> > > > ii) If I try and access a resource in \course\gjava I get the
> > > logon page, if
> > > > I enter an invalid username and password I get the logon page
> > > again - *not*
> > > > the error page.
> > > >
> > > > iii) If I try and access a resource in \course\gjava I get the
> > > logon page,
> > > > if I enter a valid username and password everything works. But
> > > if I hit the
> > > > back button and then enter an invalid username/password I get redirected
> > > > here http://localhost/course/gjava/j_security_check and get a 404 error
> > > >
> > > > iv) If I try and access a resource in \course\gjava I get the
> > > logon page, if
> > > > I enter an invalid username and password I get the logon page
> > > again - *not*
> > > > the error page. If I now enter the correct password I get the
> > > error page,
> > > >
> > > > Kevin Jones
> > > > DevelopMentor
> > > > www.develop.com
> > > >
> > > >
> > >
> >
> >
>
>
RE: Form based logon problems in T4B6
Posted by Kevin Jones <ke...@develop.com>.
Sorry Craig,
I missed this post.
I'll try the latest nightly, if it doesn't work I'll try and create a small
web-app that shows it,
Kevin Jones
DevelopMentor
www.develop.com
> -----Original Message-----
> From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> Sent: 25 July 2001 23:06
> To: tomcat-dev@jakarta.apache.org
> Subject: RE: Form based logon problems in T4B6
>
>
>
>
> On Wed, 25 Jul 2001, Kevin Jones wrote:
>
> > OK
> >
>
> Hmm, without a reproducible test case, I don't know how to debug this,
> because it works for me. Can you create a simple web application that
> illustrates the problem, and add it to the bug report as an attachment.
>
> Craig
>
>
> > Kevin Jones
> > DevelopMentor
> > www.develop.com
> >
> > > -----Original Message-----
> > > From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> > > Sent: 25 July 2001 00:10
> > > To: Tomcat-Dev
> > > Subject: Re: Form based logon problems in T4B6
> > >
> > >
> > > Sounds like a bug introduced when the functionality was
> modified recently,
> > > to do redirects instead of forwards. Could you do me a favor
> and file a
> > > bug report so it gets tracked?
> > >
> > > Thanks,
> > > Craig
> > >
> > >
> > > On Tue, 24 Jul 2001, Kevin Jones wrote:
> > >
> > > > I can't get form based logon to work reliably in Beta6 (in
> fact I've had
> > > > problems for a while)
> > > >
> > > > I have a webapp (called course) and a sub directory (gjava) which is
> > > > protected. I'm using form based logon with the username and
> password in
> > > > tomcat-users.xml.
> > > >
> > > > i) If I try and access a resource in \course\gjava I get the
> > > logon page, if
> > > > I enter a valid username and password everything works.
> > > >
> > > > ii) If I try and access a resource in \course\gjava I get the
> > > logon page, if
> > > > I enter an invalid username and password I get the logon page
> > > again - *not*
> > > > the error page.
> > > >
> > > > iii) If I try and access a resource in \course\gjava I get the
> > > logon page,
> > > > if I enter a valid username and password everything works. But
> > > if I hit the
> > > > back button and then enter an invalid username/password I
> get redirected
> > > > here http://localhost/course/gjava/j_security_check and get
> a 404 error
> > > >
> > > > iv) If I try and access a resource in \course\gjava I get the
> > > logon page, if
> > > > I enter an invalid username and password I get the logon page
> > > again - *not*
> > > > the error page. If I now enter the correct password I get the
> > > error page,
> > > >
> > > > Kevin Jones
> > > > DevelopMentor
> > > > www.develop.com
> > > >
> > > >
> > >
> >
> >
>
RE: Form based logon problems in T4B6
Posted by "Craig R. McClanahan" <cr...@apache.org>.
On Wed, 25 Jul 2001, Kevin Jones wrote:
> OK
>
Hmm, without a reproducible test case, I don't know how to debug this,
because it works for me. Can you create a simple web application that
illustrates the problem, and add it to the bug report as an attachment.
Craig
> Kevin Jones
> DevelopMentor
> www.develop.com
>
> > -----Original Message-----
> > From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> > Sent: 25 July 2001 00:10
> > To: Tomcat-Dev
> > Subject: Re: Form based logon problems in T4B6
> >
> >
> > Sounds like a bug introduced when the functionality was modified recently,
> > to do redirects instead of forwards. Could you do me a favor and file a
> > bug report so it gets tracked?
> >
> > Thanks,
> > Craig
> >
> >
> > On Tue, 24 Jul 2001, Kevin Jones wrote:
> >
> > > I can't get form based logon to work reliably in Beta6 (in fact I've had
> > > problems for a while)
> > >
> > > I have a webapp (called course) and a sub directory (gjava) which is
> > > protected. I'm using form based logon with the username and password in
> > > tomcat-users.xml.
> > >
> > > i) If I try and access a resource in \course\gjava I get the
> > logon page, if
> > > I enter a valid username and password everything works.
> > >
> > > ii) If I try and access a resource in \course\gjava I get the
> > logon page, if
> > > I enter an invalid username and password I get the logon page
> > again - *not*
> > > the error page.
> > >
> > > iii) If I try and access a resource in \course\gjava I get the
> > logon page,
> > > if I enter a valid username and password everything works. But
> > if I hit the
> > > back button and then enter an invalid username/password I get redirected
> > > here http://localhost/course/gjava/j_security_check and get a 404 error
> > >
> > > iv) If I try and access a resource in \course\gjava I get the
> > logon page, if
> > > I enter an invalid username and password I get the logon page
> > again - *not*
> > > the error page. If I now enter the correct password I get the
> > error page,
> > >
> > > Kevin Jones
> > > DevelopMentor
> > > www.develop.com
> > >
> > >
> >
>
>
RE: Form based logon problems in T4B6
Posted by Kevin Jones <ke...@develop.com>.
OK
Kevin Jones
DevelopMentor
www.develop.com
> -----Original Message-----
> From: Craig R. McClanahan [mailto:craigmcc@apache.org]
> Sent: 25 July 2001 00:10
> To: Tomcat-Dev
> Subject: Re: Form based logon problems in T4B6
>
>
> Sounds like a bug introduced when the functionality was modified recently,
> to do redirects instead of forwards. Could you do me a favor and file a
> bug report so it gets tracked?
>
> Thanks,
> Craig
>
>
> On Tue, 24 Jul 2001, Kevin Jones wrote:
>
> > I can't get form based logon to work reliably in Beta6 (in fact I've had
> > problems for a while)
> >
> > I have a webapp (called course) and a sub directory (gjava) which is
> > protected. I'm using form based logon with the username and password in
> > tomcat-users.xml.
> >
> > i) If I try and access a resource in \course\gjava I get the
> logon page, if
> > I enter a valid username and password everything works.
> >
> > ii) If I try and access a resource in \course\gjava I get the
> logon page, if
> > I enter an invalid username and password I get the logon page
> again - *not*
> > the error page.
> >
> > iii) If I try and access a resource in \course\gjava I get the
> logon page,
> > if I enter a valid username and password everything works. But
> if I hit the
> > back button and then enter an invalid username/password I get redirected
> > here http://localhost/course/gjava/j_security_check and get a 404 error
> >
> > iv) If I try and access a resource in \course\gjava I get the
> logon page, if
> > I enter an invalid username and password I get the logon page
> again - *not*
> > the error page. If I now enter the correct password I get the
> error page,
> >
> > Kevin Jones
> > DevelopMentor
> > www.develop.com
> >
> >
>
Re: Form based logon problems in T4B6
Posted by "Craig R. McClanahan" <cr...@apache.org>.
Sounds like a bug introduced when the functionality was modified recently,
to do redirects instead of forwards. Could you do me a favor and file a
bug report so it gets tracked?
Thanks,
Craig
On Tue, 24 Jul 2001, Kevin Jones wrote:
> I can't get form based logon to work reliably in Beta6 (in fact I've had
> problems for a while)
>
> I have a webapp (called course) and a sub directory (gjava) which is
> protected. I'm using form based logon with the username and password in
> tomcat-users.xml.
>
> i) If I try and access a resource in \course\gjava I get the logon page, if
> I enter a valid username and password everything works.
>
> ii) If I try and access a resource in \course\gjava I get the logon page, if
> I enter an invalid username and password I get the logon page again - *not*
> the error page.
>
> iii) If I try and access a resource in \course\gjava I get the logon page,
> if I enter a valid username and password everything works. But if I hit the
> back button and then enter an invalid username/password I get redirected
> here http://localhost/course/gjava/j_security_check and get a 404 error
>
> iv) If I try and access a resource in \course\gjava I get the logon page, if
> I enter an invalid username and password I get the logon page again - *not*
> the error page. If I now enter the correct password I get the error page,
>
> Kevin Jones
> DevelopMentor
> www.develop.com
>
>
Re: Form based logon problems in T4B6
Posted by "Craig R. McClanahan" <cr...@apache.org>.
Kevin,
As I was fixing Bugzilla #2768 (form based login was losing the query
string when redirecting back to the original page), I tried out your
scenario using the examples app included with Tomcat:
http://localhost:8080/examples/jsp/security/protected/index.jsp
and it seemed to work correctly. I'd be very interested in a test case
that fails on tonight's nightly build (20010725).
Craig
On Tue, 24 Jul 2001, Kevin Jones wrote:
> I can't get form based logon to work reliably in Beta6 (in fact I've had
> problems for a while)
>
> I have a webapp (called course) and a sub directory (gjava) which is
> protected. I'm using form based logon with the username and password in
> tomcat-users.xml.
>
> i) If I try and access a resource in \course\gjava I get the logon page, if
> I enter a valid username and password everything works.
>
> ii) If I try and access a resource in \course\gjava I get the logon page, if
> I enter an invalid username and password I get the logon page again - *not*
> the error page.
>
> iii) If I try and access a resource in \course\gjava I get the logon page,
> if I enter a valid username and password everything works. But if I hit the
> back button and then enter an invalid username/password I get redirected
> here http://localhost/course/gjava/j_security_check and get a 404 error
>
> iv) If I try and access a resource in \course\gjava I get the logon page, if
> I enter an invalid username and password I get the logon page again - *not*
> the error page. If I now enter the correct password I get the error page,
>
> Kevin Jones
> DevelopMentor
> www.develop.com
>
>