On Wed, 25 Apr 2001, Mark.Abbott wrote:
> Hi, didn't get a response to this question on tomcat-user
> so I'll give it a try here.
>
> In the Tomcat 4b2 implementation of form based authentication,
> the redirection from a request for a protected resource to the
> login page and then from the login page submission back to the
> protected resource are done internally in the valve. This makes
> the browser think it is receiving a response to a request other
> than the one that was actually served, and interferes with the
> browser fetching other resources referred to by the served resource,
> such as images or stylesheets, that may use relative URLs.
>
> How is one supposed to deal with this issue? It seems like it
> might be reasonable to require that one only use absolute URLs
> in links from the login page, but not for any arbitrary protected
> resource.
>
You can also use the HTML <base> element, which makes the browser resolve
relative references from a base directory specified in your page:
<html>
<head>
<title>My Login Page</title>
<base href="/my/base/directory"/> <-- Relative to server root
</head>
...
</html>
> Thanks - Mark
>
>
>
Craig
