Mike Francis wrote:
> I am new to the JSP scene. Any help with this problem would be greatly appreciated.
> I've written a bean that handles a database connection and the queries to the
> database. I use a form to allow the user to type in their username and password.
> When they hit the "login" button to submit the form the next page sets the username
> and password in the database bean. However this page shows the parameters in the URL
> in the browsers "Location" window.
>
>
>http://xwing.myriad.com:8080/mikef/jsp/num/studies.jsp?username=mike&password=mypassword
>
> If someone looks over my shoulder as I log in they would see my password. Is there a
> slicker way to allow a user to login.
>
> I thought I could use javascript to setUser and setPassword in my database bean in
> the "onclick" event of the form's login button, but I don't know how to reference the
> bean from javascript.
>
> Thanks in advance for your help.
>
> mike
>
You can't reference the bean directly from JavaScript, because the JavaScript code
runs in
the client browser, while the bean runs on the server.
However, you can solve the problem you described by changing your input form like this:
<form action="...." method="POST">
This will cause the username and password to be included in the message body of the
request, instead of being listed in the URL. If you are submitting to a JSP page,
nothing
special needs to be done there. If you are submitting to a servlet, though, you will
need
to implement the doPost() method instead of doGet().
If you are using JSWDK 1.0, you should also be aware that there are some bugs in the
POST
handling, particularly with Netscape browsers. These problems are supposed to be
fixed in
a forthcoming update.
Craig McClanahan
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
