Hann, Brian wrote:
Partially, and yes that seems to work. But here's the thing:
When a user fails to enter a good password they will be given a chance to enter questions like "What is your mother's maiden name", etc. and get their account unlocked.
Without passing the enc_key and system_id in form parameters, is there any way I could make them available to whichever handler that is for the full series of requests? The handler gets those values when the user first gets to auth_fail but after that there isn't really any way I can keep passing them on, is there?
nope, except by virtue of redirecting them back to /bob and starting the cycle over again.
--Geoff