Redirects are used so that users don't encounter the resubmit warning by the
browser when they refresh the page, and so that page refreshes don't result
in the POST being resent to the server. While it's a smaller consideration
when messages for invalid values are displayed, it's a bigger consideration
in cases where you're displaying a success message (and must do a redirect
for usability reasons - e.g. seeing a new URL as opposed to the servlet's
URL, no browser warnings on refresh) - then you would use the redirect.
Passing the message in the request parameter (suggested by Mark) doesn't
seem like the ideal solution, because (assuming a parameterized message
based on submitted POST values) you'd need to pass the actual message in the
query string. Not only would you have an ugly URL, but also someone could
visit that page with their own message by changing the query string.
Is there an ideal way to tell servlet S (one way I can think of is request
attributes - anything else?) not to execute its filter when a redirect has
been performed (i.e. to perform no further execution of its thread because
the request has redirected away from it)? That way, am I correct to say you
have a good solution - no race condition, no messages in query string, and
you can use redirects as desired?
Christopher Schultz-2 wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Mark,
>
> Mark Thomas wrote:
>> lightbulb432 wrote:
>>> I have a question about whether there is a race condition with the
>>> following
>>> technique for displaying messages across redirects.
>>
>> Yes there is.
>>
>>> If you submit a form with an invalid value on page P1 and the receiving
>>> servlet S redirects to another page P2, you'd like page P2 to contain a
>>> message saying "You entered an invalid value". You can only put the
>>> value in
>>> the session (not the request, because it's a redirect, not a forward),
>>> with
>>> session.setAttribute("message","You entered an invalid value").
>>
>> Why not pass the information to P2 using a request parameter on the
>> redirect?
>
> Or, better yet, why use a redirect at all? Then you don't have to mess
> with the session. Most post/validate/error flows I've seen all execute
> within the same request. Don't respond with a redirect; just redisplay
> the input form with the error messages attached. Then you don't have to
> worry about cleaning-up the session.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHBQtm9CaO5/Lv0PARAuSDAKChcVQ0+gSaJFR2AiS0mkUSx/DQkACfQTiz
> tuGGrkCrYACJNp9QH6r87Ro=
> =Kl2o
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/Race-condition-with-values-displayed-across-redirects-tf4565759.html#a13043900
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
