On Wed, 23 May 2001, Mark.Abbott wrote:
>
>
> Peter Costello wrote:
> >
> >
> > ===========================================================================
> > 1) org.apache.catalina.authenticator.FormAuthenticate
> >
> > The following enhancement allows the IE5.0 browser
> > to maintain the
> > correct URL in its history list. For example, if
> > browser fetches
> > 'index.jsp' and tomcat returns 'login.jsp', then
> > when browser submits
> > username and password it sends a 'POST
> > j_security_check'. Method
> > 'authenticate()' does its work and then restores
> > the original request
> > and returns. However, now the browser thinks that
> > page 'GET index.jsp'
> > is 'POST j_security_check' and using the
> > back/forward on the browser
> > will result in an error when we get back to the
> > 'POST'.
> >
> > My fix was to send a redirect to the original page
> > after authenticate
> > does its work.
> >
>
> But what if the original request was not a GET, but rather
> a POST? How can you redirect to that?
>
> Cheers - Mark
>
>
>
The change to use a redirect will be necessary to meet the new 2.3 spec
requirements. However, Mark's point is critical -- if the original
request is a POST, we still need this to work. That can be done, but it's
a little more complicated than just the current patch.
Craig
