Hi again, Frank W. Zammetti wrote:
Yes, I think what you caught yourself is what I was driving towards :) Just for comparisons' sake, here's the filter and listener I came up with to deal with this (this is condensed for space, just showing the main bits of the puzzle)... this is what's going in JWP (unless someone points out a major flaw of course!)...
I wouldn't call itt a major flaw but there is a part which could cause some problems in your solution.
You execute the filterChain.doFilter(request, response); in every case. This way you allow users to make requests which could have side effects on the server. I mean that I could execute a /updateUser.jsp?id=1&firstName=Tom&lastName=Sawyer I could also execute POST requests. A second problem is that you can access all servlets that don't create HttpSessions in their doGet, doPost methods and jsp's with <[EMAIL PROTECTED] session="false" %>. If you make it like I did it you won't have these problems. The two solutions will look more similar if you make this modification, but no worries, I won't sue you. ;-) (I would if I had the money for it, but I'm just a poor unemployed Java programmer hehe) Tamas --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]