-
1. Re: pressing back to login again
mkotsbak Feb 12, 2002 10:44 AM (in response to jflinchbaugh)Try setting a session property on a page after user is logged in, and check that one in the login-form page. If it is set, redirect to the secured part of the site.
-
2. Re: pressing back to login again
jflinchbaugh Feb 12, 2002 11:20 AM (in response to jflinchbaugh)yes, i would expect that to work for someone who hits the login page directly -- direct them somewhere else. but in the case of pressing the back button, they don't hit the server again, they just view it from their cache. j_security_check doesn't exist on this next invocation from the form action.
it almost feels like i need j_security_check to always exist and have that do the actual invalidation of the session and reinstatement. -
3. Re: pressing back to login again
mkotsbak Feb 12, 2002 2:33 PM (in response to jflinchbaugh)Maybe you could eliminate that problem by setting the expire time for the login-page in some http-header. I don't know if it will work in all browser though.
-
4. Re: pressing back to login again
jflinchbaugh Feb 13, 2002 11:23 AM (in response to jflinchbaugh)did some playing around, and found that jetty will let me hit back and login again just fine without reporting j_security_check as unavailable.
now jetty seems to have some other sporadic form-based login issues, but i think i've narrowed it to a tomcat problem.
i'll have to try it on weblogic sometime. -
5. Re: pressing back to login again
jflinchbaugh Feb 13, 2002 11:40 AM (in response to jflinchbaugh)hmmm...indeed a tomcat bug:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6279
i'll have to see if tomcat 4.0.2 fixes it.