----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files. Don't make us guess your problem!!!
----------------------------------------------------------------
Hi,
... okay, thanks for the reply. But :
Jon : It doesn't work here. I can reproduce it over and over again... Could
you send an example of your working servlet ? I have read other people's
remarks on this which seem to support the fact that any parameters included
in the action attribute of a get-form, are overridden by the parameters from
the form data. I couldn't get additional info on this in the HTTP rfc...
anyone with extra info on how browsers do/are supposed to do this ?
I'm not sure whether this kind of evidence is conclusive, but the
reconstruction of the request URL
(request.getRequestURI()+"?"+request.getQueryString())) does not contain the
session identifier. Does that mean that the browser didn't send it ? On the
other hand, all the other logged requests are clearly showing the session
identifier in the reconstruction, and yes, on the other side, the identifier
is clearly displayed in the action attribute of the get-form under scrutiny
(by inspecting the document source). Should we use a special encoding type ?
Anyway, as long as I can remember, for get-forms we always had to include
the parameters as hidden inputs.. if there's a mistake made by us as far as
using get-forms is concerned, I'd like to know about it, of course... the
problem only became acute since support for URL rewriting suddenly became an
issue.
David : The question mark is there... I just made a typo reproducing the
code for this mail. request.encodeUrl(...) puts in the '?' itself.
Thanks again, keep it coming,
Danny
Danny Martens wrote:
> ----------------------------------------------------------------
> BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
> WHEN YOU POST, include all relevant version numbers, log files,
> and configuration files. Don't make us guess your problem!!!
> ----------------------------------------------------------------
>
> Hi,
>
> I've been browsing the faqs etc., and found some remarks but no solution
> for the following problem :
>
> It would appear that a form built like this :
> ---
> <FORM METHOD="get"
> ACTION="/servlet/servletname&JServSessionIdroot=izql8ur4w2">
> ---
> does not transmit the session data.
>
> If you use the post method, it works, but this is a very poor fix...
> e.g. using post can cause requests for extra user input from the
> browser... not very practical...
>
> If you do it like this :
> ---
> <FORM METHOD="get"
> ACTION="/servlet/servletname">
> <INPUT TYPE="hidden" NAME="JServSessionIdroot" VALUE="izql8ur4w2">
> ---
>
> the session is maintained, but writing servlets who produce output like
> this is not good practice and servlet host sensitive, simply because
> session tracking solutions are proprietary to the servlet host, and e.g.
> Servlet Exec from New Atlanta does encoding something similar to
> "/servlet/servletname;$session=...", which looks like they get by this
> problem by encoding the URL differently ?
>
> Why can't JServ do this too ?
>
> Bottom line, encodeUrl appears to become useless if you use it in the
> above get-form scenario...
>
> e-gret,
> Danny Martens
>
> --
> --------------------------------------------------------------
> Please read the FAQ! <http://java.apache.org/faq/>
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Archives and Other: <http://java.apache.org/main/mail.html>
> Problems?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
