Why don't you just handle it by putting something in their session saying that they filled out the form correctly, and write a downloader servlet that looks for that something, and will only send them the bits if they've filed out the form? Writing a servlet to send a file is pretty darned trivial. Writing one that knows something about session state is also pretty darned trivial.
This would look something like: /downloads/send/filename ...where you have a downloads webapp with a send servlet that exhibits the above characteristics. The filename could be gotten from the path info as shown here, or you could just use a query string, too. It sounds like the issue you're having is trying to get the built-in file-serving servlet to do something it wasn't intended to do, rather than writing some code to do it for you. Hope this helps... -Ian On Thursday, July 11, 2002, at 09:58 AM, Eddie Bush wrote: > If you make them login, you could put a security constraint on your > downloads directory. That would pretty well seal it up, I believe =) > > HTH, > > Eddie > > Kevin Passey wrote: > <snip> > >> But if I create a directory called "downloads" and put the file in >> there - >> what's to stop someone just typing the folder URL and grabbing the >> file? >> > <snip> > > > -- > To unsubscribe, e-mail: <mailto:tomcat-user- > [EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:tomcat-user- > [EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>