Do you mean set session attributes? How do you do that from the client side?
--- On Wed, 12/31/08, Konstantin Kolinko <knst.koli...@gmail.com> wrote: > From: Konstantin Kolinko <knst.koli...@gmail.com> > Subject: Re: How can the login page see parameters in the original request? > To: "Tomcat Users List" <users@tomcat.apache.org>, removeps-gro...@yahoo.com > Date: Wednesday, December 31, 2008, 5:43 AM > 2008/12/30 <removeps-gro...@yahoo.com>: > > To hide the existence of the page from robots. > > > > --- On Tue, 12/30/08, Pid <p...@pidster.com> wrote: > > > >> From: Pid <p...@pidster.com> > >> Subject: Re: How can the login page see parameters > in the original request? > >> To: "Tomcat Users List" > <users@tomcat.apache.org> > >> Date: Tuesday, December 30, 2008, 6:26 AM > >> removeps-gro...@yahoo.com wrote: > >> > >> > Only if certain secret fields and values are > present, > >> do I want to generate the login page. > >> > >> They're not really secret if you're > passing them as > >> parameters. > >> It sounds like you're trying to over-engineer > >> something, which often > >> results in no security improvements and sometimes > >> introduces flaws. > >> > >> What is your real goal? > >> > > > > How about passing them with the Session? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: > users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
