Re: How can the login page see parameters in the original request?

2009-01-01 Thread removeps-groups
Do you mean set session attributes? How do you do that from the client side? --- On Wed, 12/31/08, Konstantin Kolinko knst.koli...@gmail.com wrote: From: Konstantin Kolinko knst.koli...@gmail.com Subject: Re: How can the login page see parameters in the original request? To: Tomcat Users

Re: How can the login page see parameters in the original request?

2009-01-01 Thread Konstantin Kolinko
2009/1/1 removeps-gro...@yahoo.com: Do you mean set session attributes? How do you do that from the client side? a) You can set them in another page (an unprotected one) that is accessed before, or that redirects to this one. b) You can pass your secrets as a cookie, or as a request header.

Re: How can the login page see parameters in the original request?

2009-01-01 Thread removeps-groups
Most thorough, thanks! --- On Thu, 1/1/09, Konstantin Kolinko knst.koli...@gmail.com wrote: From: Konstantin Kolinko knst.koli...@gmail.com Subject: Re: How can the login page see parameters in the original request? To: Tomcat Users List users@tomcat.apache.org Date: Thursday, January 1

Re: How can the login page see parameters in the original request?

2008-12-31 Thread Konstantin Kolinko
2008/12/30 removeps-gro...@yahoo.com: To hide the existence of the page from robots. --- On Tue, 12/30/08, Pid p...@pidster.com wrote: From: Pid p...@pidster.com Subject: Re: How can the login page see parameters in the original request? To: Tomcat Users List users@tomcat.apache.org Date

Re: How can the login page see parameters in the original request?

2008-12-30 Thread Mark Thomas
removeps-gro...@yahoo.com wrote: How can the login page see parameters in the original request? Without some hacking of the Tomcat internals, it can't. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org

Re: How can the login page see parameters in the original request?

2008-12-30 Thread Pid
removeps-gro...@yahoo.com wrote: Only if certain secret fields and values are present, do I want to generate the login page. They're not really secret if you're passing them as parameters. It sounds like you're trying to over-engineer something, which often results in no security

Re: How can the login page see parameters in the original request?

2008-12-30 Thread removeps-groups
To hide the existence of the page from robots. --- On Tue, 12/30/08, Pid p...@pidster.com wrote: From: Pid p...@pidster.com Subject: Re: How can the login page see parameters in the original request? To: Tomcat Users List users@tomcat.apache.org Date: Tuesday, December 30, 2008, 6:26 AM

How can the login page see parameters in the original request?

2008-12-29 Thread removeps-groups
How can the login page see parameters in the original request? In my app, I make a request to https://localhost/mywebservice/action.do. Because the user is not authenticated, Tomcat redirects them to the login page. I want the login page to be able to see the parameters passed in the original