----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files. Don't make us guess your problem!!!
----------------------------------------------------------------
So far so good,
...judging from the log files, all those who tried already (thanks, whoever
those IP were :) didn't seem to lose their session anymore over the GET
form. With the patch the same code now works across different servlet
hosts.
I think it's clear JServ falls short in this respect, by not taking into
account that there is no guarantee how the GET-form action attribute is
processed by the client, consequently forcing developers to deviate to the
presrcibed way of working with the servlet API 2.0 (and encodeUrl in
particular) : rendering code servlet host sensible. Another argument would
be the HTTP spec itself, which clearly states in which cases it is
preferred to use GET and POST : an argument against always using POST.
The solution is open for improvement : the simple patch no longer encodes
the session data as a parameter (which appeared to be an elegant
implementation at first), but hides it in the URI itself. It is the very
same solution exploited by other servlet hosts. This leaves the problem of
implementing getRequestURI : should it suppress the session data or not ?
Technically it's not difficult to implement any of this. I'm still looking
into it, but I feel it would be better to suppress it ... something it
still doesn't do right now.
e-gret,
D
Danny Martens wrote:
> ----------------------------------------------------------------
> BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
> WHEN YOU POST, include all relevant version numbers, log files,
> and configuration files. Don't make us guess your problem!!!
> ----------------------------------------------------------------
>
> Hi,
>
> ... It would be great if some of you would like to test a custom JServ
> version, which includes a modification to work around a problem I've
> been experiencing with the encodeURL and the ACTION attribute for forms
> using the GET method.
>
> You can test a running application at http://akira.esat.kuleuven.ac.be.
> Only the *products* section is dynamic. All the rest is static HTML, so
> don't bother. Access the products section with the toolbar on the
> bottom.
>
> Please turn of cookies before you try. Definitely try out a little
> search, as it is a GET-form, exactly what the fix is for.
>
> I'd like some feedback on how you fare. Only on functionality, not on
> design :) That's a totally different subject matter.
>
> I'll leave the server running for the next 48 hours...
>
> Thanks !
>
> Danny Martens
>
> --
> --------------------------------------------------------------
> Please read the FAQ! <http://java.apache.org/faq/>
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Archives and Other: <http://java.apache.org/main/mail.html>
> Problems?: [EMAIL PROTECTED]
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
