2010/8/12 Thomas Treitlinger <ttreitlin...@gmail.com>: > Hello, > > I have a number of JSP pages which use the JSTL core library to set a > request attribute like this: > <c:set var="foo" scope="request" >FOO-VALUE</c:set> > > The JSPs then forward to a Servlet like this: > <jsp:forward page="/request.go" /> > > The Servlet later invokes > String s = (String) request.getAttribute("foo") >
Maybe somebody calls your page directly? The usual solution to avoid that is to move the page into WEB-INF directory. You can <jsp:forward page="/WEB-INF/_jsp/request.go" />, but nobody can call it directly. Also there is one more possible catch: if 'c:' prefix is not associated with a taglib, <c:set will be rendered as text, without invoking the tag library. Maybe the jsp or other file was corrupted somehow? > The application was running in Tomcat 5.5.23 (Linux/Slackware) I wonder if you can upgrade to a later version. I usually mention this page: http://tomcat.apache.org/security-5.html Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org