On 25/07/2011 11:17, Chema wrote:
> Hi:
>
> I'm having a strange behaviour when using realm in Tomcat 7 ( 7.0.16)
> with browser tabs
> My web app has some protected resources ( with <security-constraint>
> tag in web.xml ) by a realm.
> I'm using FORM method in <auth-method> tag. So, I've got my own login page :
>
> <html>
> <form method='post' action='j_security_check'>
> <input type='text' name='j_username'>
> <input type='password' name='j_password'>
> <input type='submit' name='send'>
> </form>
> </html>
>
>
> Steps:
>
> 1) I open a tab in my browser and access to a protected resource
>
> http://localhost:8080/myapp/protected/file_one.properties
>
> So, login page is shown
>
> 2) I open a new tab in the browser and access to another protected resource
>
> http://localhost:8080/myapp/protected/file_two.properties
>
> So, login page is shown
>
>
> 3) Back first tab , and authenticate with a valid user. The resource
> shown is file_two.properties (??)
>
> 4) Go to second tab, and authenticate with the same valid user ( or
> another valid user ) and an error happens
>
> State HTTP 404 - /myapp/j_security_check
>
>
> I know that session is shared between tabs but I think there are two
> rare results :
>
> - on step 3, it's returned a different resource than requested .
> - on step 4 , it's returned a 404 error
>
> If this is a right behaviour , how I can avoid that a user can
> perform these steps ?

The behaviour is correct. You can't stop it.

Mark
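
A simplified model of the behaviour reported in this thread, as an added example that is not part of the original messages and is not Tomcat code. It assumes the container keeps a single saved request per session and hands a login POST from an already-authenticated session to the application; the class, function names and credentials are constructed for illustration.

```python
# Simplified model (an assumption, not Tomcat source): each session has ONE
# saved-request slot and ONE principal, shared by every tab of the browser.
LOGIN_PAGE = "login page"
LOGIN_ACTION = "/myapp/j_security_check"

class FormAuthModel:
    def __init__(self, users, resources):
        self.users = users          # constructed sample: username -> password
        self.resources = resources  # constructed sample: protected paths
        self.sessions = {}

    def _session(self, sid):
        return self.sessions.setdefault(sid, {"principal": None, "saved": None})

    def get(self, sid, path):
        s = self._session(sid)
        if s["principal"] is None:
            s["saved"] = path  # overwrites whatever an earlier tab saved
            return (200, LOGIN_PAGE)
        return (200, path) if path in self.resources else (404, path)

    def post_login(self, sid, username, password):
        s = self._session(sid)
        if s["principal"] is not None:
            # Already logged in: the POST goes to the app, which has no such resource.
            return (404, LOGIN_ACTION)
        if self.users.get(username) != password:
            return (200, "error page")
        if s["saved"] is None:
            return (400, "no saved request")  # model's choice, not from the thread
        s["principal"] = username
        target, s["saved"] = s["saved"], None  # the slot is consumed once
        return (200, target)

def replay_thread_steps():
    """Replay steps 1-4 from the message with both tabs on one session."""
    app = FormAuthModel(
        users={"alice": "s3cret"},  # constructed credentials
        resources={"/myapp/protected/file_one.properties",
                   "/myapp/protected/file_two.properties"},
    )
    sid = "shared-session"  # both tabs send the same session cookie
    return [
        app.get(sid, "/myapp/protected/file_one.properties"),  # step 1, tab 1
        app.get(sid, "/myapp/protected/file_two.properties"),  # step 2, tab 2
        app.post_login(sid, "alice", "s3cret"),                # step 3, tab 1
        app.post_login(sid, "alice", "s3cret"),                # step 4, tab 2
    ]
```

In this model step 3 returns file_two.properties because tab 2 overwrote the saved request, and step 4 returns 404 because the session is already authenticated when the second form is submitted.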