In message <001301c13f6e$ccff4b40$6700010a@rightmove1>, Gareth Coltman
<[EMAIL PROTECTED]> writes
>Can anybody give me a good reason why I should NOT remove the first
>access redirect behaviour from my version of turbine? This is
>where a new request is immediately redirected back to the same page,
>adding redirected=true into the parameters. The only useful bit
>of functionality encapsulated in this section of code is setting the
>session timeout. I am planning to edit Turbine.java to set
>Session Timeout if data.getSession.isNew() with no other conditions. I
>just can't understand what it is for.... Sorry.
>
>I have a vague recollection that this weird behaviour was to fix a
>mozzila bug... Or is it to stop a DOS attack.... Can anybody shed
>any light on this?
The redirects are in place to ensure:
a) that session tracking is functional on the particular combination of
browser/container/etc without entering an infinite redirect loop,
b) that no redirect specifies the same URL as the request URL, as some
browsers (yes, notably mozilla) will get upset about this.
--
Sean Legassick
[EMAIL PROTECTED]
ignorance is not bliss
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
