hi everyone,
does anyone know if it is possible to use sendRedirect() such that the
browser will send a POST instead of a GET to the new URL?
the problem I am trying to solve is this:
I have a site with registered users. A component of the site has a form that
submits to a 3rd party server(a user id is submitted to the 3rd party server
upon submission). Before the user leaves my site I need to record the fact
that they are going to the 3rd party site.
So the first idea was to have the form submit to a servlet/jsp (this records
the hit on my server) then
sendRedirect("http://www.3rdparty.com?userID=xxx?param1=xxx")
the problem with this solution is that the userID will be visible in the
location bar. anyone could play with the userID an potentially access
another user's data.
But if I sendRedirect as a POST instead of a GET, and write my parameters
into the Request header, the userID would not be visible. Not secure, but
suitable for this app.
Does anyone have any experience with this, or a similar, issue?
thanks.
e. [EMAIL PROTECTED]
v. (617) 452-1346
f. (617) 452-1399
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
