Discussion:
HTTP Status 400 - Invalid direct reference to form login page!
Gheorghe Pucea
2010-06-03 14:29:38 UTC
Permalink
Hello,

I have a problem with my Tomcat instance. I'm using:

Tomcat 6.0.26
Java jdk 1.5.0_17
Windows XP SP3

I have implemented a JAAS login module for my application and everything
goes fine except for one thing.

Here are the steps that I am doing:

1) Request a protected resource -> the login form shows up and I enter my
username and password
2) I get into the application and everything looks fine, but when I get back
to the login page and enter my username/password again I get the message:
(If I refresh the login page immediately when I hit the logout button,
everything goes well)
HTTP Status 400 - Invalid direct reference to form login page
------------------------------

*type* Status report

*message* *Invalid direct reference to form login page*

*description* *The request sent by the client was syntactically incorrect
(Invalid direct reference to form login page)*

*Thank you very much!*
Propes, Barry L
2010-06-03 16:10:42 UTC
Permalink
I had that happen periodically for years with my version of TC 4.1.31.

With some folks, we could get it to go away, by cleaning out browser cache. With others, it was the same people that incurred it all the time. They could access "other" protected areas, but not the one.
I ended up making a duplicate non-protected piece for them. For me it wasn't a big deal, because they already were -- in a sense -- in a protected piece to begin with. But it would have been better if it'd worked.

Gheorghe Pucea
2010-06-03 16:47:17 UTC
Permalink
Hello Barry,

Thank you very much for your quick response, but I think that version of
Tomcat was very old compared to Tomcat 6.0.26; I think the problem should be
fixed by now.
So you suggest that I should manually clear my browser's cache? And this
should fix my problem?
Propes, Barry L
2010-06-03 17:50:41 UTC
Permalink
It worked for some users; for others it did not.

I'm not sure I ever received a definitive reason for it happening - especially to random users -- but it happened to the same set of users most all the time, where others weren't affected.

You could try that first, and see if that worked. If not, I'm not sure what to tell you. Maybe some others on this forum would know better than I.

Pid
2010-06-03 17:11:20 UTC
Permalink
Post by Gheorghe Pucea
Hello,
Tomcat 6.0.26
Java jdk 1.5.0_17
Windows XP SP3
I have implemented a JAAS login module for my application and everything
goes fine except for one thing.
1) Request a protected resource -> the login form shows up and I enter my
username and password
2) I get into the application and everything looks fine but when I get back
(If I refresh the login page immediately when I hit the logout button
everything goes well)

Please explain what you mean by "when I get back to the login page".

Why are you going back to the login page?


p
Propes, Barry L
2010-06-03 17:51:58 UTC
Permalink
Yeah, I'd say he shouldn't be going "back to the login page" but rather to the protected page.

Gheorghe Pucea
2010-06-03 18:13:06 UTC
Permalink
Hello Barry,

Exactly, that is my problem: every forum says that this error
happens when you access the login page directly, but when I log out from my
app I redirect the URL to point to a restricted resource, then my login page
appears, and when I enter the username/password the error appears.

So after the logout I don't point directly to the login page; instead I
point to a restricted page, and when I get redirected to the login I type my
username/pass and I get the error.

Thank you very much for your time, I really appreciate it!
Propes, Barry L
2010-06-03 19:27:52 UTC
Permalink
Sounds like the session's not getting invalidated properly?

Gheorghe Pucea
2010-06-03 19:37:02 UTC
Permalink
Exactly, I supposed that too, but when the user clicks the logout
button a servlet is called and that servlet invalidates the session; after
that, a response is given back from the server side to the UI, from where my
application is redirected to a restricted resource. So I checked the servlet
that does the invalidation and it looks fine.
I spent 2 whole days googling and trying to solve the issue and don't
know what else to do.
It is the first time for me to work with JAAS on Tomcat and I don't
exactly know if the problem is caused by JAAS or by Tomcat, but I checked the
login module and it works fine, and I think this issue is related to Tomcat.

So please, if you have another idea, please share it.

Thank you,
Propes, Barry L
2010-06-03 20:01:03 UTC
Permalink
Would there be some sort of caching mechanism keeping the session alive somehow?


Gheorghe Pucea
2010-06-03 20:21:01 UTC
Permalink
I didn't find one... I don't know, but when I close my browser or I
refresh the page it works, so it's definitely something about the session.

Thank you!
Gheorghe Pucea
2010-06-03 18:18:31 UTC
Permalink
Sorry Pid, I didn't notice your message.

By "when I get back to the login page" I mean that I log out from my app and
then I redirect my app to a restricted resource, and when my login page
appears I type my user/pass and the error occurs.

I want to add something: when I log out and after I redirect my app to a
protected resource the login page shows up, if I hit the refresh button on
my browser and I type in my user/pass it works.

Thank you very much for your time!!!!
Really appreciate it!
Christopher Schultz
2010-06-03 21:24:50 UTC
Permalink
Gheorghe,
Post by Gheorghe Pucea
By "when I get back to the login page" I mean that I log out from my app and
then I redirect my app to a restricted resource and when my login page
appears I type my User/pass and the error occurs.
I want to add something, when I log out and after I redirect my app to a
protected resource the login page shows up if I hit the refresh button on
my browser and I type in my user/pass it works.

After you call session.invalidation(), what does your code do,
specifically? If you do a "forward" to a protected resource, strange
things may happen with cookie-passing.

Does your login form properly encode the session id into its <form>
action? Does your logout code properly encode the session id into the
redirect URL? Have you enabled/disabled cookies in your web browser?

-chris
Gheorghe Pucea
2010-06-03 21:34:36 UTC
Permalink
Hello Chris,

*After you call session.invalidation(), what does your code do,
specifically? If you do a "forward" to a protected resource, strange
things may happen with cookie-passing.*

After the session gets invalidated (on the server side) my code sends back a
request success to the UI and then the UI redirects my app to the protected
resource.

*Does your login form properly encode the session id into its <form>
action? Does your logout code properly encode the session id into the
redirect URL? Have you enabled/disabled cookies in your web browser?*

My cookies are enabled. But I don't know exactly if the login/logout code
properly encodes the session id into its <form> (how can I test that?)

Thank you very much!!!!



---------------------------------------------------------------------
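One way to answer the "how can I test that?" question above, as an added example that is not part of the original thread: Tomcat's FORM authenticator answers with this 400 when the POST to j_security_check reaches a session that holds no saved original request, so the check compares the session id the server just issued with the id embedded in the login form action and the ids the browser sends with the POST. The capture layout, finding names and session ids are assumptions made up for this sketch; both captures are constructed samples.

```python
import re
from html.parser import HTMLParser

# ";jsessionid=<id>" path parameter, as produced by response.encodeURL()
JSESSIONID_IN_URL = re.compile(r";jsessionid=([^;?#/]+)", re.IGNORECASE)


class FormActionParser(HTMLParser):
    """Collects the action attribute of every <form> in a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def header_values(headers, name):
    """All values of one header from a list of (name, value) pairs."""
    return [v for k, v in headers if k.lower() == name.lower()]


def issued_session(headers):
    """Session id from a Set-Cookie: JSESSIONID=... response header, or None."""
    for value in header_values(headers, "Set-Cookie"):
        m = re.match(r"\s*JSESSIONID=([^;]+)", value)
        if m:
            return m.group(1)
    return None


def sent_sessions(url, headers):
    """Every session id the browser sent: URL path parameter and Cookie header."""
    ids = set(JSESSIONID_IN_URL.findall(url))
    for value in header_values(headers, "Cookie"):
        ids.update(re.findall(r"(?:^|;\s*)JSESSIONID=([^;]+)", value))
    return ids


def diagnose(capture):
    """Return finding codes for one captured login attempt (empty list = consistent)."""
    findings = []
    issued = issued_session(capture["login_page_headers"])

    parser = FormActionParser()
    parser.feed(capture["login_page_body"])
    actions = [a for a in parser.actions if "j_security_check" in a]
    if not actions:
        findings.append("NO_LOGIN_FORM")
    for action in actions:
        embedded = JSESSIONID_IN_URL.findall(action)
        if embedded and issued and embedded[0] != issued:
            # The form was rendered for another (older) session.
            findings.append("FORM_ACTION_HAS_OLD_SESSION")

    cache = " ".join(header_values(capture["login_page_headers"], "Cache-Control"))
    if "no-store" not in cache.lower() and "no-cache" not in cache.lower():
        # The browser may redisplay a stored copy of the login page.
        findings.append("LOGIN_PAGE_CACHEABLE")

    sent = sent_sessions(capture["post_url"], capture["post_headers"])
    if not sent:
        findings.append("POST_WITHOUT_SESSION")
    elif issued and sent != {issued}:
        findings.append("POST_ON_DIFFERENT_SESSION")
    return findings


# Constructed capture: form, cookie and POST all refer to the session just issued.
HEALTHY = {
    "login_page_headers": [("Set-Cookie", "JSESSIONID=NEW222; Path=/app"),
                           ("Cache-Control", "no-store")],
    "login_page_body": '<form method="POST" action="j_security_check;jsessionid=NEW222">',
    "post_url": "/app/j_security_check;jsessionid=NEW222",
    "post_headers": [("Cookie", "JSESSIONID=NEW222")],
}

# Constructed capture: the form still carries the id of the invalidated session.
STALE = {
    "login_page_headers": [("Set-Cookie", "JSESSIONID=NEW222; Path=/app")],
    "login_page_body": '<form method="POST" action="j_security_check;jsessionid=OLD111">',
    "post_url": "/app/j_security_check;jsessionid=OLD111",
    "post_headers": [("Cookie", "JSESSIONID=NEW222")],
}

if __name__ == "__main__":
    for name, capture in (("healthy", HEALTHY), ("stale", STALE)):
        print(name, diagnose(capture))
```

The header lists and bodies can be filled from a browser's network panel or a proxy log for the request that returned the login page and for the j_security_check POST that followed it.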
Martin Gainty
2010-06-04 00:19:48 UTC
Permalink
the reference is to URLEncoder class

URLEncoder Utility class is used for HTML form encoding. This class contains static methods for converting a String to the application/x-www-form-urlencoded MIME format

javadoc for encode methods of the URLEncoder are illustrated at



http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html

Martin
Gheorghe Pucea
2010-06-04 05:59:27 UTC
Permalink
The encoding is OK, I tried it out today. But I need to add one more thing:
the problem doesn't appear
on Google Chrome, but it appears on IE8 and Mozilla 3.5.9.
Post by Martin Gainty
the reference is to URLEncoder class
URLEncoder Utility class is used for HTML form encoding. This class
contains static methods for converting a String to the
application/x-www-form-urlencoded MIME format
javadoc for encode methods of the URLEncoder are illustrated at
http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html
Martin
______________________________________________
Verzicht und Vertraulichkeitanmerkung
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene
Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte
Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht
dient lediglich dem Austausch von Informationen und entfaltet keine
rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von
E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
Date: Fri, 4 Jun 2010 00:34:36 +0300
Subject: Re: HTTP Status 400 - Invalid direct reference to form login page!
Hello Chris,
*After you call session.invalidation(), what does your code do,
specifically? If you do a "forward" to a protected resource, strange
things may happen with cookie-passing.*
After the session gets invalidated (on the server side) my code sends back a
request success to the UI and then the UI redirects my app to the protected
resource.
*Does your login form properly encode the session id into its <form>
action? Does your logout code properly encode the session id into the
redirect URL? Have you enabled/disabled cookies in your web browser?*
My cookies are enabled. But I don't know exactly if the login/logout code
form properly encodes the session id into its <form> (how can I test that?)
Thank you very much!!!!
On Fri, Jun 4, 2010 at 12:24 AM, Christopher Schultz <
Gheorghe,
Post by Gheorghe Pucea
By "when I get back to the login page" I mean that I log out from my app and
then I redirect my app to a restricted resource and when my login page
appears I type my User/pass and the error occurs.
I want to add something, when I log out and after I redirect my app to a
protected resource the login page shows up if I hit the refresh button on
my browser and I type in my user/pass it works.
After you call session.invalidation(), what does your code do,
specifically? If you do a "forward" to a protected resource, strange
things may happen with cookie-passing.
Does your login form properly encode the session id into its <form>
action? Does your logout code properly encode the session id into the
redirect URL? Have you enabled/disabled cookies in your web browser?
-chris
Gheorghe Pucea
2010-06-04 08:49:16 UTC
Permalink
Please, I really need help. I found out today that it works on Opera too.

Many thanks!!!
Pid
2010-06-04 09:11:31 UTC
Permalink
Post by Martin Gainty
the reference is to URLEncoder class
URLEncoder Utility class is used for HTML form encoding. This class contains static methods for converting a String to the application/x-www-form-urlencoded MIME format
javadoc for encode methods of the URLEncoder are illustrated at
http://java.sun.com/j2se/1.5.0/docs/api/java/net/URLEncoder.html
No it's not, it's a reference to "response.encodeRedirectURL(path)"

Instead of continuing to talk about this in the abstract, how about you
post some details of your configuration and the code you're using to logout?

Where is the login form, what URL is it?

Which URL are you redirecting to after logout, and how are you doing that?

etc


p
Gheorghe Pucea
2010-06-05 17:51:22 UTC
Permalink
After I perform the log out I call a redirect function to a protected
resource and that goes well.


Somewhere I found that I need to set this tag in my login.html page:

<META HTTP-EQUIV = "Pragma" CONTENT="no-cache">
<META HTTP-EQUIV = "Cache-control" CONTENT="no-cache">

And I did that and after I hit the logout button and perform another login
it seems to work, but if I continue and log out and then again log in the
problem occurs again!


Thank you for your time!
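The logout flow that Chris and Pid ask about, as an added sketch that is not code from anyone in this thread: a logout servlet that invalidates the session and then issues a client-side redirect (not a forward) through response.encodeRedirectURL, plus a filter that sends the no-cache directives as real HTTP headers instead of META tags. The class names, the /protected/index.jsp path and the URL mappings are hypothetical; the Servlet 2.5 API shipped with Tomcat 6 is assumed.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical logout servlet; map it to an unprotected URL such as /logout.
public class LogoutServlet extends HttpServlet {

    // Hypothetical protected resource to land on after logout.
    private static final String AFTER_LOGOUT = "/protected/index.jsp";

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession(false); // do not create one just to destroy it
        if (session != null) {
            session.invalidate();
        }
        String target = req.getContextPath() + AFTER_LOGOUT;
        // encodeRedirectURL appends ";jsessionid=..." only when a live session is
        // tracked by URL rewriting; after invalidate() the URL comes back unchanged.
        // sendRedirect makes the browser issue a fresh GET for the protected
        // resource, so the container intercepts it and presents the login form.
        resp.sendRedirect(resp.encodeRedirectURL(target));
    }

    // Hypothetical filter: map it to the login page URL so browsers re-fetch the
    // form instead of re-displaying a cached copy. (Assumption: add the FORWARD
    // dispatcher to the mapping if the container forwards to the login page.)
    public static class NoCacheFilter implements Filter {
        public void init(FilterConfig config) { }
        public void destroy() { }
        public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
                throws IOException, ServletException {
            HttpServletResponse http = (HttpServletResponse) resp;
            http.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            http.setHeader("Pragma", "no-cache");
            http.setDateHeader("Expires", 0L);
            chain.doFilter(req, resp);
        }
    }
}
```

To check the encoding asked about in the thread, look at the rendered login page source and at the Location header of the logout response: a URL-rewritten session shows up as ;jsessionid=... in the form action or the redirect target.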