> >
>> At 2:06 PM -0700 4/11/00, [EMAIL PROTECTED] wrote:
>>
>> > > I noticed an interesting problem that if you log in with something like
>> >>
>> >> http://localhost/servlets/Turbine/screen/Login
>> >>
>> >> then type in your user name and password, the next screen rewrites
>> >> the URL and redirects to the login page. The problem is that your
>> >> password shows up in the rewritten URL on the browser's location line!
>> >
>> ><form method="POST"> will prevent that. This isn't a Turbine issue, it is
>> >the way that you wrote your <form> tag.
>>
>> Actually this happens with the default screens with a current
>> checkout. There is no form involved since it is a redirect. It is in
>> Turbine.java at the beginning of the doGet method. I didn't see any
>> way around it without using the session data.
>
>Ahhh...after reading your email more carefully, now I *think* I understand
>what you are talking about. Solution: don't call screen/Login directly
>without already establishing a session. ;-)
Right. That's a solution [to make sure the user establishes a session first].
It seems nice if people were able to bookmark deeper pages though. I
don't think this is too difficult a problem to solve and I think I
can do it in a general, non-obtrusive way that adds some new
functionality. I'll study the code a bit more and hopefully put
together documentation and a preliminary patch to try things out...
> > >Ok. Send a diff.
>>
>> Give me a few days :) I have a day job unfortunately and I still have
>> it in my homework list to read through the mail archives...
>
>All I have is time...
Remember that today is just a memory of tomorrow...
Chris
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Problems?: [EMAIL PROTECTED]
