hv @ Fashion Content wrote: > On the default page of the site I put a login form as descibed in the > Servlet spec. > I then specified the default page to be the login page and listed all other > pages on the site(Except access denied page) as protected. > > The behaviour that I expected was: > 1) If a user visits the site he has the option to log in. > 2) If he returns to the site via an old link/favourite, the default page > will be shown for him to log in. > > As I understand it now, this setup cannot be achieved using form > authentication.
How about this. - Set any page in your app as the welcome page - Protect all pages This should give the following behaviour: 1) User visiting sites requests welcome page and is redirected to login page. After successful auth user is redirected to welcome page. 2) User visiting site via link/favourite is redirected to login page. After successful auth user is redirected to welcome page. > In my mind that makes form authentication completely useless. Hopefully not ;). The one thing that will not work, is if a user book marks the login page. If they try to use a book marked login page they will get the 408. Another problem is if you want authentication over https but the rest of the site over http you will need to do some extra things to achieve this. Search the user list as there has been some posts about this recently. > Hopefully I got it all wrong, and there is a way to achieve my goal. I think there is. see above. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
