DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12549>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=12549 j_security_check is not handled correctly when authenticated ------- Additional Comments From [EMAIL PROTECTED] 2002-10-31 20:27 ------- We should mark this as a duplicate and continue the discussion in Bug 6279. >From the original bug report: <blockquote> This ought to be easy to reproduce...if you go to a page secured by form-based authentication in a webapp under catalina, you are displayed the login form. Log in, you see the page you asked for. Now click 'back' in the browser. You get the login form again. Resubmit the form. You will end up at a tomcat 404 error page, explaining that the resource /some/path/to/j_security_check does not exist. </blockquote> I think this is one reason we can not exactly duplicate BASIC authentication as in BASIC, the back button takes you to the page you were on before the login prompt. This is a problem for usability, as the current behavior is non-intuitive for web users and is not solvable by web developers or tomcat administrators without modifying Tomcat or disabling form based authentication. -- To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>
