---------------------------------------------------------------- BEFORE YOU POST, search the faq at <http://java.apache.org/faq/> WHEN YOU POST, include all relevant version numbers, log files, and configuration files. Don't make us guess your problem!!! ---------------------------------------------------------------- Environment: Jserv v 1.1, Redhat 6.1, on Apache 1.3.x I am having trouble maintaing session identity in a call to a servlet that is the ACTION target of an html form using the POST method. I do not have the ability to use cookies, and so I'm trying to use URL rewriting. I do not have any trouble with the GET method -- both of the methods listed below seem to work... I've tried two approaches: 1) Including the session id as a hidden field in the form 2) adding the session ID to the URL of the servlet that is specified in the ACTION parameter of the FORM tag. Neither works. When I include the session id in the ACTION tag URL using response.encodeURL(), none of other form elements are retrievable in the ACTION servlet after the form is submitted. That is, request.getParameter("formelement") returns null for any formelement. When I include the session id as a hidden input field of the form, the ACTION servlet does not properly recognize the session id, and consequently, request.getSession(true) returns a new session. THIS IS A HUGE problem! Anyone wanting to be able use Jserv for a production e-commerce app aimed at an audience of the lowest common denominator is just plain stuck as far as using secure POST forms and sessions are concerned! Has anyone found a workaround? -- -------------------------------------------------------------- Please read the FAQ! <http://java.apache.org/faq/> To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] Archives and Other: <http://java.apache.org/main/mail.html> Problems?: [EMAIL PROTECTED]
