Mark,

you can reproduce it using the FormAuthentication example in the examples (http://localhost:8080/examples/jsp/security/protected/)

edit index.jsp
1. add the line "RequestURI: <%= request.getRequestURI() %><br><br>" at the beginning of the body
2. change the method of the form from GET to POST

scenario:
1. go to http://localhost:8080/examples/jsp/security/protected/
2. log in
3. open second tab/window to same url
4. log out in second tab/window
5. go to initial window and submit form
6. log in again
7. observe the malformed requestURI

see also attached screenshots (if they make it to the mailing list).

dirk


On 1 May 2018 at 16:20, Dirk Ooms <dir...@gmail.com> wrote:

> apologies for the incomplete info. it is tomcat 9.0.6
>
> i will try to set up a test case and get back to you.
>
> dirk
>
>
> On 1 May 2018 at 16:07, Mark Thomas <ma...@apache.org> wrote:
>
>> On 01/05/18 14:36, Dirk Ooms wrote:
>> > Hello,
>> >
>> > i did an upgrade from tomcat5.5 to tomcat9 and i'm using j_security_check.
>> >
>> > in tomcat5.5 when a user was not logged in and he/she requested a url, the
>> > login page was returned and after logging in the user was given the
>> > requested resource. when i requested request.getRequestURI() in my code the
>> > returned uri was correct for both GET and POST.
>> >
>> > in tomcat9 this is not the case anymore for POST (for GET still ok). when i
>> > call request.getRequestURI() after the user is logged in, it returns
>> > "chString" in my case, which is a part of the name of the first form field
>> > ("searchString") of the original POST.
>> >
>> > any idea? am i missing something?
>>
>> The exact Tomcat 9 version.
>>
>> A test case that demonstrates the issue.
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>