I think, it is a well known practice to use absolute names to access resources in login and global error pages, but the reason behind it might not be so clear for some of us. Servlet specification states that when a protected resource accessed, should the request directed first to login page unless user is authenticated, but leaves how this direction will happen. As a result, implementations may differ among several web containers.
If a web container sends a redirect response to browser, relative resources will be resolved based on login or error page’s location, so using non-absolute path will work in that case, however, if forwarding is preferred by the container, relative resources may be broken as browser will try to resolve them relative to the currently requested protected resource’s URL.
The best way to solve that kind of problem is always to use absolute paths in login and error pages to refer to other resources.