Thanks again P,
Yeah I actually already had the meta tags at the top, and modified everything to match your example exactly. I also tried using separate login and error pages with no noticeable difference.

Here are the HTTP responses to the member page GET. I'm not well versed in this stuff, but it seems like the cache-control info is ok but it thinks the page has not been modified when the re-login fails:

Success:
---------------------
http://localhost:8080/members/

GET /members/ HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://localhost:8080/members/
Cookie: JSESSIONID=533286C2B979BBF186A7D69AAAE33746
Cache-Control: max-age=0

HTTP/1.x 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 10:00:00 EST
Etag: W/"2807-1188956843361"
Last-Modified: Wed, 05 Sep 2007 01:47:23 GMT
Content-Type: text/html
Content-Length: 2807
Date: Wed, 05 Sep 2007 02:03:55 GMT

Failure:
-----------------------------
http://localhost:8080/members/

GET /members/ HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://localhost:8080/members/
Cookie: JSESSIONID=FF03B0286AA97B1A603A05A1E402728D
Cache-Control: max-age=0

HTTP/1.x 304 Not Modified
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 10:00:00 EST
Etag: W/"2807-1188956843361"
Date: Wed, 05 Sep 2007 02:04:23 GMT

> Date: Wed, 5 Sep 2007 09:46:53 +0100
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: Re: Problem with form based JSP authentication using Firefox with
> Tomcat
>
> Are you saying you tried what I suggested, or that you have already
> tried it? It seems like the problem is a caching issue to me.
>
> What URL are you trying to access to trigger the login - you're not
> accessing the login.jsp directly are you? (I have to ask...)
>
> In the second instance the browser is setting JSESSIONID as a cookie,
> instead of as a URL parameter, but that shouldn't make a difference.
> The response.encodeURL method only encodes the URL with JSESSIONID if it
> can't see the same value in a cookie in the request.
>
> The value of JSESSIONID *may* change with each new session, but it won't
> be created until you hit a JSP. So the first time it's only created
> when you hit login.jsp, where it's encoded in the URL because no
> previous session id was found in the URL or cookie.
>
> The cookie still exists locally after you log out, until you close the
> browser down, so it's not added to the URL the second time round, but as
> the existing ID is an invalid session it triggers the authentication valve.
>
> You should compare the server response headers rather than the request
> headers, to see if the server is correctly sending the Cache-Control info.
>
> p
>
> Luke McMahon wrote:
>> Thanks p (hope this is formatted better!)
>>
>> I tried this without success. I've attached the livehttpheader output below.
>> What seems to happen in Firefox is the first time I go to the login page, it
>> passes the jsessionid to j_security_check.
>> If I then invalidate the session, and go to log in again, it calls
>> j_security_check without this identifier. This might be why I'm not getting
>> redirected to the member page, but I'm not sure of that.
>> Like I said, this works fine in IE, but Firefox still seems to either be
>> losing its bundle after the session is invalidated or incorrectly caching
>> the login page as the member page I'm trying to access.
>>
>> I've just cut and pasted the differences between the headers of the
>> successful login, and the unsuccessful login (i.e. no redirect).
>>
>> Success:
>> ---------------------------------
>> http://localhost:8080/members/
>>
>> GET /members/ HTTP/1.1
>> Host: localhost:8080
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.6)
>> Gecko/20070725 Firefox/2.0.0.6
>> Accept:
>> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Connection: keep-alive
>> Referer: http://localhost:8080/index.htm
>>
>> Failure:
>> ------------------------------------
>> http://localhost:8080/members/
>>
>> GET /members/ HTTP/1.1
>> Host: localhost:8080
>> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.6)
>> Gecko/20070725 Firefox/2.0.0.6
>> Accept:
>> text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip,deflate
>> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
>> Keep-Alive: 300
>> Connection: keep-alive
>> Referer: http://localhost:8080/index.htm
>> Cookie: JSESSIONID=533286C2B979BBF186A7D69AAAE33746
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
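
What the two responses quoted in the message above allow a browser cache to do, as an added example that is not part of the original thread: `no-cache` still lets the 200 be stored and revalidated by its ETag, a 304 carrying the same ETag makes the browser show the stored body, and only `no-store` prevents storage. The function names are hypothetical; the header blocks are copied from the message.

```python
# Added example: classify the two captured responses by what a browser cache may do.
# Header blocks are copied from the message above; helper names are hypothetical.
RESP_200 = """HTTP/1.x 200 OK
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 10:00:00 EST
Etag: W/"2807-1188956843361"
Last-Modified: Wed, 05 Sep 2007 01:47:23 GMT
Content-Type: text/html
Content-Length: 2807
Date: Wed, 05 Sep 2007 02:03:55 GMT"""
RESP_304 = """HTTP/1.x 304 Not Modified
Server: Apache-Coyote/1.1
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 10:00:00 EST
Etag: W/"2807-1188956843361"
Date: Wed, 05 Sep 2007 02:04:23 GMT"""

def parse(raw):
    """Return (status code, {lower-cased header name: value})."""
    status_line, *lines = raw.strip().splitlines()
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split()[1]), headers

def cache_behaviour(raw):
    """What a browser cache may do with this response."""
    status, h = parse(raw)
    cc = {d.strip().lower() for d in h.get("cache-control", "").split(",")}
    if status == 304:
        return "reuse-stored-copy"      # no body sent; the stored body is shown
    if "no-store" in cc:
        return "never-stored"
    has_validator = "etag" in h or "last-modified" in h
    if "no-cache" in cc:                # storable, but must revalidate first
        return "stored-revalidate" if has_validator else "stored-refetch"
    return "stored-freshness-not-evaluated"

def reuses_stored_body(stored_raw, reply_raw):
    """True when reply is a 304 whose ETag matches the stored response."""
    _, stored = parse(stored_raw)
    status, reply = parse(reply_raw)
    etag = reply.get("etag")
    return status == 304 and etag is not None and etag == stored.get("etag")
```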