Monkeyden said: > Sorry George, I misread one of the previous posts in my > response to yours. You're correct. JSP is not the place for > this type of authentication/validation, although I don't know > that I would want everything to ActionServlet handles to > require a referer. I dont suspect that spiders typically > pass a referer. If true, a public Struts site would never > get indexed had a referer been required for all ActionServlet > requests.
No, I wouldn't use referer for anything other than returning to a page after intercepting an request (for login, perhaps). I'm just suggesting having a filter in front of the pages that require login and have it check the user's session for the appropriate credentials for the page. - George http://www.idiacomputing.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]