-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 lb,
lightbulb432 wrote: > Redirects are used so that users don't encounter the resubmit warning by the > browser when they refresh the page, and so that page refreshes don't result > in the POST being resent to the server. I know people like to avoid those, but get real: refreshing a failed POST ought to re-POST the data (that will fail again). You should really only redirect on success. > Passing the message in the request parameter (suggested by Mark) doesn't > seem like the ideal solution, because (assuming a parameterized message > based on submitted POST values) you'd need to pass the actual message in the > query string. Not only would you have an ugly URL, but also someone could > visit that page with their own message by changing the query string. Oh, no! Someone could mount an XSS attack on themselves! :p > Is there an ideal way to tell servlet S (one way I can think of is request > attributes - anything else?) not to execute its filter when a redirect has > been performed (i.e. to perform no further execution of its thread because > the request has redirected away from it)? That way, am I correct to say you > have a good solution - no race condition, no messages in query string, and > you can use redirects as desired? Um, <dispatcher>? - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHBRd89CaO5/Lv0PARAqfdAKCphZJo0OBjQ1L+Lnhy7/FmndajuwCgnGPo AgIrExTUevV/v6KyhqPUDgU= =19YI -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
