Magic? Actually, you could use URL-rewriting or hidden forms, but anybody
using your page could change the value from 0 to 1 to fool your code
into thinking they'd logged on. They could also do the same with a cookie
if they reverse engineered your cookie data (which is not hard). Best to
use
Williams [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 8:17 PM
To: Tomcat Users List
Subject: Re: Implementing a Login procedure, but avoiding
cookies/session
Magic? Actually, you could use URL-rewriting or hidden forms, but
anybody using your page could change the value from 0 to 1
Anson,
If cookies are disabled, Tomcat uses URL rewriting to store the session ID.
When you encode URLs you need to to use special methods to support this
feature. These methods are defined in HttpServletResponse and are:
String encodeURL(String url)
String encodeRedirectURL(String url)
Thanks chris I think I know what to do now..thanks!! =)
-Original Message-
From: Christopher Williams [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 9:53 PM
To: Tomcat Users List
Subject: Re: Implementing a Login procedure, but avoiding
cookies/session
Anson