Do you mean set session attributes? How do you do that from the client side?
--- On Wed, 12/31/08, Konstantin Kolinko knst.koli...@gmail.com wrote:
From: Konstantin Kolinko knst.koli...@gmail.com
Subject: Re: How can the login page see parameters in the original request?
To: Tomcat Users
2009/1/1 removeps-gro...@yahoo.com:
Do you mean set session attributes? How do you do that from the client side?
a) You can set them in another page (an unprotected one) that is
accessed before,
or that redirects to this one.
b) You can pass your secrets as a cookie, or as a request header.
Most thorough, thanks!
--- On Thu, 1/1/09, Konstantin Kolinko knst.koli...@gmail.com wrote:
From: Konstantin Kolinko knst.koli...@gmail.com
Subject: Re: How can the login page see parameters in the original request?
To: Tomcat Users List users@tomcat.apache.org
Date: Thursday, January 1
2008/12/30 removeps-gro...@yahoo.com:
To hide the existence of the page from robots.
--- On Tue, 12/30/08, Pid p...@pidster.com wrote:
From: Pid p...@pidster.com
Subject: Re: How can the login page see parameters in the original request?
To: Tomcat Users List users@tomcat.apache.org
Date
removeps-gro...@yahoo.com wrote:
How can the login page see parameters in the original request?
Without some hacking of the Tomcat internals, it can't.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
removeps-gro...@yahoo.com wrote:
Only if certain secret fields and values are present, do I want to generate
the login page.
They're not really secret if you're passing them as parameters.
It sounds like you're trying to over-engineer something, which often
results in no security
To hide the existence of the page from robots.
--- On Tue, 12/30/08, Pid p...@pidster.com wrote:
From: Pid p...@pidster.com
Subject: Re: How can the login page see parameters in the original request?
To: Tomcat Users List users@tomcat.apache.org
Date: Tuesday, December 30, 2008, 6:26 AM
How can the login page see parameters in the original request?
In my app, I make a request to https://localhost/mywebservice/action.do.
Because the user is not authenticated, Tomcat redirects them to the login page.
I want the login page to be able to see the parameters passed in the original