Redirects are used so that users don't encounter the resubmit warning by the browser when they refresh the page, and so that page refreshes don't result in the POST being resent to the server. While it's a smaller consideration when messages for invalid values are displayed, it's a bigger consideration in cases where you're displaying a success message (and must do a redirect for usability reasons - e.g. seeing a new URL as opposed to the servlet's URL, no browser warnings on refresh) - then you would use the redirect.
Passing the message in the request parameter (suggested by Mark) doesn't seem like the ideal solution, because (assuming a parameterized message based on submitted POST values) you'd need to pass the actual message in the query string. Not only would you have an ugly URL, but also someone could visit that page with their own message by changing the query string. Is there an ideal way to tell servlet S (one way I can think of is request attributes - anything else?) not to execute its filter when a redirect has been performed (i.e. to perform no further execution of its thread because the request has redirected away from it)? That way, am I correct to say you have a good solution - no race condition, no messages in query string, and you can use redirects as desired? Christopher Schultz-2 wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mark, > > Mark Thomas wrote: >> lightbulb432 wrote: >>> I have a question about whether there is a race condition with the >>> following >>> technique for displaying messages across redirects. >> >> Yes there is. >> >>> If you submit a form with an invalid value on page P1 and the receiving >>> servlet S redirects to another page P2, you'd like page P2 to contain a >>> message saying "You entered an invalid value". You can only put the >>> value in >>> the session (not the request, because it's a redirect, not a forward), >>> with >>> session.setAttribute("message","You entered an invalid value"). >> >> Why not pass the information to P2 using a request parameter on the >> redirect? > > Or, better yet, why use a redirect at all? Then you don't have to mess > with the session. Most post/validate/error flows I've seen all execute > within the same request. Don't respond with a redirect; just redisplay > the input form with the error messages attached. Then you don't have to > worry about cleaning-up the session. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHBQtm9CaO5/Lv0PARAuSDAKChcVQ0+gSaJFR2AiS0mkUSx/DQkACfQTiz > tuGGrkCrYACJNp9QH6r87Ro= > =Kl2o > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Race-condition-with-values-displayed-across-redirects-tf4565759.html#a13043900 Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]