aspose file tools*
The moose likes Tomcat and the fly likes problem with Invalid direct reference to form login page Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "problem with Invalid direct reference to form login page" Watch "problem with Invalid direct reference to form login page" New topic
Author

problem with Invalid direct reference to form login page

reubin haz
Ranch Hand

Joined: May 12, 2005
Posts: 287
I got an error like this:

Invalid direct reference to form login page
The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).

I did a little research online and found someone saying, its because users cannot login directly from login page. You first have to goto a restricted page other than the login page, and then the web-server will automatically redirect you to the login page and once you have valid login, the web-server will automatically redirect you back to the restricted page such as index.jsp.

I would like to create a login page that contains javascript to do the form login action automatically in some case. Does someone know is there bypass for this web server restriction?

Thanks.


SCJA, SCJP5.0, SCBCD, SCWCD
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16014
    
  20

You could put javascript on the login page and attach it to the onload event, but that seems like a serious security hole.

What would probably be more reasonable would be that the "auto-login" functions should be made capable of running without a login required at all. That is, under unrestricted URLs.


Customer surveys are for companies who didn't pay proper attention to begin with.
reubin haz
Ranch Hand

Joined: May 12, 2005
Posts: 287
Thanks Tim. I already did in that way. But it looks like the problem is the normal login page will have a jsessionid automatically. But my copy of login page does not. Then the page hits the problem of 'Invalid direct reference to form login page'

So I guess I just need create a jsessionid manually, then it's fine to do the login automatically.

How can I create a tomcat jsessionid manually? Thanks
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: problem with Invalid direct reference to form login page