>
> At 2:06 PM -0700 4/11/00, [EMAIL PROTECTED] wrote:
>
> > > I noticed an interesting problem that if you log in with something like
> >>
> >> http://localhost/servlets/Turbine/screen/Login
> >>
> >> then type in your user name and password, the next screen rewrites
> >> the URL and redirects to the login page. The problem is that your
> >> password shows up in the rewritten URL on the browser's location line!
> >
> ><form method="POST"> will prevent that. This isn't a Turbine issue, it is
> >the way that you wrote your <form> tag.
>
> Actually this happens with the default screens with a current
> checkout. There is no form involved since it is a redirect. It is in
> Turbine.java at the beginning of the doGet method. I didn't see any
> way around it without using the session data.
Ahhh...after reading your email more carefully, now I *think* I understand
what you are talking about. Solution: don't call screen/Login directly
without already establishing a session. ;-)
> >Ok. Send a diff.
>
> Give me a few days :) I have a day job unfortunately and I still have
> it in my homework list to read through the mail archives...
All I have is time...
-jon
--
Scarab -
Java Servlet Based - Open Source
Bug/Issue Tracking System
<http://scarab.tigris.org/>
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
