> At the top of my page is an access control code block that checks to see
if
> a user is allowed access to the page. If the user doesn't have access,
then
> they are redirected to an error page. Below the control code is a
procedure
> to deal with a submitted form that updates a database. The problem is if
> the user is not allowed, the form submission is still allowed and then the
> user is redirected to the error page, which would allow an unwanted
visitor
> to update the database even though the control code successfully rejects
> them. The only way I'm able to force the server to redirect before
parsing
> the whole page is to place a "return;" immediately after the redirect at
the
> end of the if() block.
response.sendRedirect() doesn't stop the execution of a page, the
jsp:forward tag does. Maybe this is the problem, try using it instead of
redirect.
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
