I've seen this code cause some other problems, but I'm not sure how to
reproduce them.  For example, I've seen the following happen:

I had a Login Screen where the form action is the Login Screen with the
Login Action, and then in the action code, depending on the user it does
a data.setTemplate to go to the user's home page.

Sometimes, when you reload the homepage, the URL will be rewritten,
including the form parameters (username and password), because of the
code below.  The parameterparser includes form elements, and the for
loop puts those into the pathinfo...so sometimes the password appears in
the URL.  I don't really understand the purpose of that fragment, so I
can't make any suggestions, but I wanted to note that I have seen the
behaviour described above.

        -Nissim

Tomasz Skutnik wrote:
> 
> Hi everybody.
> 
> I'd like to bring that topic back to discussion. In my opinion that
> whole stuff, that detects infinite redirection, is simply useless. Yes,
> it prevents you against buggy server (not appending session id to url),
> however, IMHO this should be of no concern for us. It's administrator
> responsibility to make sure that he has API compliant server (especially
> when there's Tomcat out there - free and ... put all that advertising
> stuff here). Servlet container is not single user word-processor-like
> application. It SHOULD be API compliant, and failing in session id
> appending - is definitely not so. So, I suggest we drop the whole
> "infinite redirect" checking stuff and replace it with this:
> 
> if ( sessionValidator.requiresNewSession(data) &&
>      data.getSession().isNew() )
> {
>     DynamicURI duri = new DynamicURI (data);
>     String homepage = TurbineResources.getString("screen.homepage", null);
>     if (homepage != null)
>     {
>         duri.setScreen(homepage);
>     }
>     // pass on the sent data in pathinfo
>     for (Enumeration e = data.getParameters().keys() ; e.hasMoreElements() ;)
>     {
>         String key = (String) e.nextElement();
>         String value = (String) data.getParameters().getString ( key );
>         duri.addPathInfo((String)key, (String)value );
>     }
>     data.getResponse().sendRedirect(
>         data.getResponse().encodeRedirectUrl(duri.toString()) );
>     return;
> }
> 
> This should work fine (at least for what I've tested).
> 
> If somebody has different point of view - feel free to share with us.
> 
> Scooter.
> 
> ------------------------------------------------------------
> To subscribe:        [EMAIL PROTECTED]
> To unsubscribe:      [EMAIL PROTECTED]
> Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
> Problems?:           [EMAIL PROTECTED]
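
Added example, not code from Turbine or from either poster: a stand-alone Java sketch of the behaviour described in the reply above, where copying every request parameter into the redirect's path info puts login form fields into the URL, next to an allow-list variant that forwards only named parameters. The class name, the `FORWARDABLE` set, the `/key/value` rendering, the base path and the sample parameters are all assumptions made for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class RedirectPathInfo {
    // Assumption: the only parameter names considered safe to replay in a URL.
    static final Set<String> FORWARDABLE = Set.of("screen", "lang");

    // Mirrors the quoted loop: every request parameter is copied into path info,
    // so POSTed form fields (including credentials) end up in the redirect URL.
    static String copyAll(String base, Map<String, String> params) {
        StringBuilder url = new StringBuilder(base);
        for (Map.Entry<String, String> p : params.entrySet()) {
            append(url, p.getKey(), p.getValue());
        }
        return url.toString();
    }

    // Allow-list variant: anything not explicitly named is dropped.
    static String copyAllowed(String base, Map<String, String> params) {
        StringBuilder url = new StringBuilder(base);
        for (Map.Entry<String, String> p : params.entrySet()) {
            if (FORWARDABLE.contains(p.getKey())) {
                append(url, p.getKey(), p.getValue());
            }
        }
        return url.toString();
    }

    // Renders one pair as /key/value, URL-encoding both parts.
    static void append(StringBuilder url, String key, String value) {
        url.append('/').append(URLEncoder.encode(key, StandardCharsets.UTF_8))
           .append('/').append(URLEncoder.encode(value, StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample: a login form submission plus a screen parameter.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("screen", "Home");
        params.put("username", "alice");
        params.put("password", "example-only");
        System.out.println("copy all:   " + copyAll("/servlet/turbine", params));
        System.out.println("allow-list: " + copyAllowed("/servlet/turbine", params));
    }
}
```

A URL built the first way is also what lands in browser history, proxy and server access logs, and `Referer` headers, which is why the allow-list is preferable to a deny-list of known-sensitive names.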

