That's good to know, Chris -- I might try that and see if it solves my problem, too.

-----Original Message-----
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 16, 2008 1:15 PM
To: Tomcat Users List
Subject: Re: that old problem - Invalid direct reference to form login page

Michael,

Michael Teter wrote:
| <form method="POST" action="j_security_check">

You should always do:

<form method="POST" action="<%= response.encodeURL(request.getContextPath() + "/j_security_check") %>">

You should always include the context path in URLs. You should always run your URLs through response.encodeURL so that the session id is encoded in the URL if the user isn't using cookies. Otherwise, logins never work when cookies are not being used.

-chris