Your form is doing a GET request, that's why the attributes appear in the URL.
If you want to 'hide' them (as I think you do) then use a POST request instead. Look at the docs (at http://jakarta.apache.org/struts/userGuide/struts-html.html#form) and decide how your form is submitted. (Interestingly, POST is the default so did you specifically request a GET?) Note that even as a POST request, the password attibute would be readable to someone who really wanted to read it (with a network sniffer or something). You'd need SSL to be really sure it is secure. Rick. -----Original Message----- From: Ingo Bruell [mailto:[EMAIL PROTECTED]] Sent: 22 April 2002 10:08 To: Struts Users Mailing List Subject: Re[4]: Why form content is put into the url Hi Struts, JR> Do you have cookies enabled in the browsers being used for test? Yes. Sometimes. JR> I seem to recall that Tomcat will negotiate a number of such things for you JR> unless you tell it not to. (But I might be imagining things.) My application works like the struts-example (Registration). In the example the Attributes were not passed in the URL. The URL look very strange: --- snip --- http://172.31.254.100:8080/diplom-app/index.jsp?email=dsfsd&password=dfds& firstName=fdsfds&submit=Abschicken&org.apache.struts.taglib.html.TOKEN= 69e3e9246fc46cdcbddbc3297e9bb445&loginName=fdf&matriculation=sfsdf&status=1& lastName=fdsfd ---snap --- so long Ingo Bruell --- <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <ICQ# 40377720> Oldenburg PGP-Fingerprint: CB01 AE12 B359 87C4 BF1C 953C 8FE7 C648 169E E5FC Germany PGP-Public-Key available at pgpkeys.mit.edu -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> _____________________________________________________________________ This message has been checked for all known viruses by UUNET delivered through the MessageLabs Virus Control Centre. For further information visit http://www.uk.uu.net/products/security/virus/ _______________________________________________________________________ CONFIDENTIALITY NOTICE The information contained in this e-mail is intended only for the individual or entity to whom it is addressed. It may contain confidential and privileged information and if you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this e-mail in error, please notify the sender and destroy and delete the message from your computer. _____________________________________________________________________ This message has been checked for all known viruses by UUNET delivered through the MessageLabs Virus Control Centre. For further information visit http://www.uk.uu.net/products/security/virus/ -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>