Hi there, I'm new to the list, just having some trouble getting my
authentication to work with Firefox. I'm trying to protect access to a member
area in my new website, and am just using the built in form based security for
now. I'm using Tomcat 6.0.14, IE7 and Firefox 2.0.0.6.When attempting to access
the member area (/members/) the user is to be redirected to /login.jsp. The
error page is the same but with a parameter (/login.jsp?error=true). When using
IE7, all of this works just fine and after successful login, the user is sent
to /members/When using Firefox, when everything is freshly built it works the
first time. If I then log out (using session.invalidate() and being redirected
to the home page) and log in again it stopsworking. After a successful login
the user is presented not with the /members/ page, but with the login page
again. Hitting refresh actually gives us the page we're after, so it seems to
be caching thelogin page 'as' the /members/ page.
------------------------------------------Here is a section from my
web.xml:------------------------------------------- <security-constraint>
<display-name>Member Access</display-name> <web-resource-collection>
<web-resource-name>Member Access Area</web-resource-name>
<url-pattern>/members/*</url-pattern> <http-method>DELETE</http-method>
<http-method>GET</http-method> <http-method>POST</http-method>
<http-method>PUT</http-method> </web-resource-collection> <auth-constraint>
<role-name>administrator</role-name> <role-name>member</role-name>
<role-name>student</role-name></auth-constraint> </security-constraint>
<login-config> <auth-method>FORM</auth-method> <realm-name>Member
Area</realm-name> <form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp?error=true</form-error-page> </form-login-config>
</login-config> -----------------------------------------Here is my logout
code:-----------------------------------------
<% session.invalidate();response.sendRedirect("/"); %>
----------------------------------------Here is my login
code:-----------------------------------------
<form method="post" action='<%= response.encodeURL("j_security_check") %>' >
<table border="0" cellspacing="5">
<tr>
<th align="right">Username:</th>
<td align="left"><input type="text" name="j_username" /></td>
</tr>
<tr>
<th align="right">Password:</th>
<td align="left"><input type="password" name="j_password" /></td>
</tr>
<tr>
<td align="right"><input type="submit" value="Log In" /></td>
<td align="left"><input type="reset" /></td>
</tr>
</table></form> Note: I've tried putting the following code at the top of my
login.jsp and logout.jsp files but it doesn't seem to help:
<%
response.setHeader("Cache-Control","no-cache");
response.setHeader("Cache-Control","no-store");
response.setDateHeader("Expires", -1);
response.setHeader("Pragma","no-cache");
%>
Thanks very much for any assistance,
Luke.
