> Um. I think that redirects are terrible. Not only are they not an > excuse for > security (because someone can easily figure out the redirect url's), but > they increase the amount of network time an application needs...especially > if someone is over a slow link. Internal redirects are much better.
OK. I wasn't suggesting that it should be used for security - all pages that require security should implement some kind of authorization. That's But how would you deal with this problem without a redirect: - User logs in. (URL: /Login.vm) - User clicks on login button (URL: /action/Login) - Template is set to Homepage.vm (URL would still be /Login.vm) - User goes elsewhere in the site - User returns to homepage by using browser's back button. (Eventually returning user to /action/Login and causing the action to be performed again) I can imagine that you would respond by saying - that it won't hurt - the user will just be logged in again (or not if you have a some ifLoggedIn code). In this case not much harm would be done. But imagine if this was a delete action. This is why I think a redirect can be useful. Gareth -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
