Think I know the answer to this one. This problem is due to Turbine rewriting the query data into the path, when the user starts a new session. Turbine tries to ensure session tracking is working by doing a redirect after the users first request. If an exception occurs in this redirected request, the path will be displayed showing any query data, even if it was sumbitted POST. There is some stuff in the archive about this problem.
We removed the redirect from our Turbine code (Turbine.java) and this problem seems to have gone away. Gareth > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel Rall > Sent: Monday, November 26, 2001 06:51 > To: Turbine Users List > Subject: Re: session variables that appear in url > > > Bruce Altner <[EMAIL PROTECTED]> writes: > > > I will be careful to note the next time it happens and record all > > the details. It is quite disconcerting to see passwords on display > > like that. > > Definitely. Steps to reproduce would be appreciated. > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
