Tim Moore wrote:
*obligated* to respect the redirect. This means that relying on a redirect to protect secure data might be a mistake. In other server-side languages (Perl, PHP), you can call exit immediately after setting the header to ensure that the sensitive data is not sent from the server to the user agent in the event that the user agent does not respect the redirect. However, as Paul Yunusov on this list pointed out to me, you cannot simply exit a servlet; it is not the same as a PHP or Perl script. (The original message is appended to this one.)
No, but you can return from a servlet's request method :-)
[...]
There could be a flaw in my logic, or I could simply be stating the obvious and everyone knew this. If either of those is the case, please point out my fallacy and I apologize for wasting everyone's time. :)
What if you return right after calling sendRedirect?
That works! Well, I haven't tested it very thoroughly, obviously, but that seems to do the trick! I didn't even think of that, to be honest with you. Since doFilter() returns void anyway, it simply terminates the filter! (Of course I will have to make sure that any logging code I wish to use happens before the return statement, but that's beside the point.)
Thanks a lot Tim.
Erik
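
The pattern settled on in this thread, written out as an added example (not code from either poster): a filter that redirects unauthenticated requests and returns immediately, so the protected resource is never invoked for a client that ignores the redirect. The class name, the "user" session attribute and the /login.jsp path are assumptions made for the example.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter for illustration; names and paths are assumptions.
public class LoginRequiredFilter implements Filter {

    private ServletContext context;

    public void init(FilterConfig config) throws ServletException {
        context = config.getServletContext();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): look up an existing session, never create one here.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("user") != null;

        if (!loggedIn) {
            // Logging has to happen before the return; nothing after it runs.
            context.log("Redirecting unauthenticated request to login page");
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            // sendRedirect() only sets the response; it does not stop this method.
            // Without the return, control falls through to chain.doFilter() and
            // the protected servlet still executes for this request.
            return;
        }

        // Authenticated: hand the request on to the protected resource.
        chain.doFilter(request, response);
    }

    public void destroy() {
        context = null;
    }
}
```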
