Hey all, I think I finally understand the problem that Travis (or someone else) was seeing a LONG time ago and I'm not quite sure how to fix it. :-( The problem is this: You establish a session object with Turbine. You go eat a burrito. You come back, click the submit button on the page. The session is invalidated so Turbine does a HTTP redirect back to the same URL in order to create a new session, but all the form data is now in the browsers Location field because of the redirect and Turbine carrying all that information through. In the case of the login screen, this would cause your password information to be displayed in the location! Not good. Got any good ideas on how to fix this problem? The only thing that I can think of is to not pass on all the form fields in the redirect other than just what we need (screen, action, template), but this could get messy for people that want to provide the ability to have someone establish a session with known information, for instance a confirmation screen. Ie: You send someone an email that says this: Click this link to validate your user information: <http://www.foo.com/servlet/Turbine/template/Confirm.wm/validate/alsdkjfalsd jkf> That would first cause a redirect to happen to establish the session and then the Confirm.wm page would show up with the validate field already filled in because the redirect passed the information through. Any ideas on how to fix this? -jon -- http://scarab.tigris.org/ | http://noodle.tigris.org/ http://java.apache.org/ | http://java.apache.org/turbine/ http://www.working-dogs.com/ | http://jakarta.apache.org/velocity/ http://www.collab.net/ | http://www.sourcexchange.com/ ------------------------------------------------------------ To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/> Problems?: [EMAIL PROTECTED]
