I use a modified version of SecurePage.py which no longer works with the latest Webware CVS because of the new code that allows query strings and POST variables to both be parsed. I agree that both should be parsed but one should override the other, not be added together. SecurePage.py creates hidden fields for any fields passed in (now including query string variables). It also keeps the query string as is so when the form gets submitted the same variables exist in the query string and in the form. The servlet that receives the form now gets a list of values for those variables instead of a single value. I could re-write SecurePage to not duplicate query-string variables but I think that the behavior of FieldStorage/HTTPRequest is incorrect and should be changed instead. Form values should overwrite query string values. Does anyone disagree? Jeff
<<winmail.dat>>
