DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12549>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12549 j_security_check is not handled correctly when authenticated ------- Additional Comments From [EMAIL PROTECTED] 2002-10-31 20:14 ------- It is not valid to address the "j_security_check" URL directly in an HTTP request. Therefore, any attempt to do so will cause undefined behavior that is dependent on which container (and which version of which container) you are accessing. For Tomcat 4.1.x, it will typically generate a 4xx error because this "magic" URL is only enabled when the container itself sent the login page. The design of form-based authentication was based on creating a user experience similar to that of BASIC authentication, where the browser pops up the login dialog only when necessary, with the additional feature that you can customize the look and feel of the login page. However, in BASIC authentication, the login dialog box is never addressed directly (indeed, it has no URL so it cannot be). You should design webapps for form-based authentication exactly the same way. Think of the form login page as part of the container, not part of the app. -- To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>
