• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

problem with Invalid direct reference to form login page

 
Ranch Hand
Posts: 287
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I got an error like this:

Invalid direct reference to form login page
The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).

I did a little research online and found someone saying, its because users cannot login directly from login page. You first have to goto a restricted page other than the login page, and then the web-server will automatically redirect you to the login page and once you have valid login, the web-server will automatically redirect you back to the restricted page such as index.jsp.

I would like to create a login page that contains javascript to do the form login action automatically in some case. Does someone know is there bypass for this web server restriction?

Thanks.
 
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You could put javascript on the login page and attach it to the onload event, but that seems like a serious security hole.

What would probably be more reasonable would be that the "auto-login" functions should be made capable of running without a login required at all. That is, under unrestricted URLs.
 
reubin haz
Ranch Hand
Posts: 287
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Tim. I already did in that way. But it looks like the problem is the normal login page will have a jsessionid automatically. But my copy of login page does not. Then the page hits the problem of 'Invalid direct reference to form login page'

So I guess I just need create a jsessionid manually, then it's fine to do the login automatically.

How can I create a tomcat jsessionid manually? Thanks
 
In the renaissance, how big were the dinosaurs? Did you have tiny ads?
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic