• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

problem with Invalid direct reference to form login page

 
reubin haz
Ranch Hand
Posts: 287
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I got an error like this:

Invalid direct reference to form login page
The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).

I did a little research online and found someone saying, its because users cannot login directly from login page. You first have to goto a restricted page other than the login page, and then the web-server will automatically redirect you to the login page and once you have valid login, the web-server will automatically redirect you back to the restricted page such as index.jsp.

I would like to create a login page that contains javascript to do the form login action automatically in some case. Does someone know is there bypass for this web server restriction?

Thanks.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18277
56
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You could put javascript on the login page and attach it to the onload event, but that seems like a serious security hole.

What would probably be more reasonable would be that the "auto-login" functions should be made capable of running without a login required at all. That is, under unrestricted URLs.
 
reubin haz
Ranch Hand
Posts: 287
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Tim. I already did in that way. But it looks like the problem is the normal login page will have a jsessionid automatically. But my copy of login page does not. Then the page hits the problem of 'Invalid direct reference to form login page'

So I guess I just need create a jsessionid manually, then it's fine to do the login automatically.

How can I create a tomcat jsessionid manually? Thanks
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic