[jboss-jira] [JBoss JIRA] Updated: (JBAS-6175) Form-based WAR authentication - redirect fails second time round.

Keith Johnston (JIRA) jira-events at lists.jboss.org
Fri Nov 7 07:21:36 EST 2008


     [ https://jira.jboss.org/jira/browse/JBAS-6175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Keith Johnston updated JBAS-6175:
---------------------------------

    Attachment: request_log.txt


Added Fiddler output

> Form-based WAR authentication - redirect fails second time round.
> -----------------------------------------------------------------
>
>                 Key: JBAS-6175
>                 URL: https://jira.jboss.org/jira/browse/JBAS-6175
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security, Web (Tomcat) service
>    Affects Versions: JBossAS-4.2.2.GA
>         Environment: Win XP; JDK 1.6.0_07; Firefox 3.0.3
>            Reporter: Keith Johnston
>            Assignee: Anil Saldhana
>         Attachments: request_log.txt
>
>
> When using standard J2EE authentication of a WAR file, redirects fail to return the correct page.
> Authentication proceeds as follows:
>  1. Request /                      ->  server responds with login page.
>  2. Login ok                        ->  server authenticates and sends 302 redirect
>  3. Follow redirect             ->  server responds with 'real' page.
>  4. Do some work...
>  5. Invalidate session to logout; send browser to / with javascript using window.location()
>  6. Request /                      ->  server responds with login page.
>  7. Login ok                        ->  server authenticates and sends 302 redirect
>  8. Follow redirect             ->  server responds with 304 -> browser renders last seen version of URL: login page.
> The result of step 8 should be to display the 'real' page.
> Refreshing the page (Ctrl-R) loads the 'real' page fine, confirming authentication worked ok and that the browser is incorrectly using a cached copy.
> The same behaviour is also seen in Google Chrome, although Internet Explorer works as expected.
> Possible cause?
> -----------------------
> I'm wondering if tomcat is getting confused with the If-Modified-Since or If-None-Match values on the requests? The requests made in steps 3 & 8 are identical (all headers the same).

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
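
The eight steps of the report, modelled as an added Python example (not part of the original issue, and not JBoss or Tomcat code). It assumes one mechanism the report does not confirm: the container saves the request that triggered the login form and replays its conditional headers after login. All names, page bodies and ETags are constructed, and `drop_conditionals_on_replay` is a hypothetical switch showing a server-side mitigation.

```python
# Constructed model; bodies, ETags and names are illustrative assumptions.
REAL, LOGIN = ("real page", '"real-v1"'), ("login page", '"login-v1"')
CONDITIONAL = ("If-None-Match", "If-Modified-Since")

class Container:
    """FORM-auth server that saves the pre-login request and replays it after login."""
    def __init__(self, drop_conditionals_on_replay):
        self.drop = drop_conditionals_on_replay   # hypothetical mitigation switch
        self.authenticated, self.saved = False, None

    def get_root(self, headers):
        if not self.authenticated:
            self.saved = dict(headers)            # remember the original request
            return (200,) + LOGIN                 # login form served at URL "/"
        if self.saved is not None:                # first request after login: replay
            headers, self.saved = self.saved, None
            if self.drop:
                headers = {k: v for k, v in headers.items() if k not in CONDITIONAL}
        body, etag = REAL
        if headers.get("If-None-Match") == etag:
            return 304, None, etag                # validator matches the real page
        return 200, body, etag

class Browser:
    def __init__(self, server):
        self.server, self.cache = server, None    # cache entry for "/": (body, etag)

    def visit_root(self):
        headers = {"If-None-Match": self.cache[1]} if self.cache else {}
        status, body, etag = self.server.get_root(headers)
        if status == 200:
            self.cache = (body, etag)
        return status, self.cache[0]              # a 304 renders the cached body

def run_report_steps(drop_conditionals_on_replay):
    server = Container(drop_conditionals_on_replay)
    browser, trace = Browser(server), []
    for step in ("get", "login", "get", "logout", "get", "login", "get"):
        if step == "get":                         # steps 1, 3, 6 and 8 of the report
            trace.append(browser.visit_root())
        else:                                     # steps 2/7 log in, step 5 logs out
            server.authenticated = (step == "login")
    return trace

if __name__ == "__main__":
    for drop in (False, True):
        print(drop, run_report_steps(drop))
```

With the switch off, the final request is answered with a 304 against a validator for the real page while the browser's cache entry for `/` holds the login page, which is the symptom in step 8; with it on, the replayed request is unconditional and the real page is returned.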

        


