There is a problem with LoginFormFormTag. Many times a web application uses the same URL for the preparation for a form and for the submission for a form.
Case:
A person is trying to GET a form page that is protected by the SecurityFilter.
The filter redirects to the LoginForm which then POSTS the login information to the originally requested URL. Posting the login is a good thing as it avoids having a password in the web log. BUT the receiving URL now thinks it's getting a post without the required fields filled in.
There aren't any good ways around this without throwing in a hack.
IMO it would be better to post to a pseudo-URL that would then redirect to the original URL.
If the pseudo-URL was under the protection path then jSai could invent it as the filter should be able to catch the attempted post.
I'd expect that the <jsai:loginForm> tags could also be configured to make the login page detect a post which could then redirect to the original URL on a successful login.
HTH
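
The pseudo-URL flow suggested in the post above, written as a plain servlet filter. This is an added example, not jSai code and not part of the original post; the class name, the paths, the session keys, the form field names and the use of container login (`HttpServletRequest.login`) are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added illustration, not jSai code. Map this filter to /secure/* in web.xml.
// Paths, session keys and form field names below are assumptions.
public class PseudoUrlLoginFilter implements Filter {
    static final String LOGIN_POST = "/secure/login_check"; // pseudo-URL, inside the protected path
    static final String LOGIN_PAGE = "/login.jsp";          // outside it; form action is LOGIN_POST
    static final String SAVED = "login.savedUrl", USER = "login.user";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession();
        String ctx = req.getContextPath();
        String path = req.getRequestURI().substring(ctx.length());

        if (LOGIN_POST.equals(path)) {
            if (!"POST".equals(req.getMethod())) { res.sendError(405); return; }
            try {
                req.login(req.getParameter("username"), req.getParameter("password"));
            } catch (ServletException badCredentials) {
                res.sendRedirect(ctx + LOGIN_PAGE); return;
            }
            // Target comes from the session, never from a form field, so the
            // login form cannot be used to redirect to an arbitrary site.
            String target = (String) session.getAttribute(SAVED);
            session.removeAttribute(SAVED);
            req.changeSessionId(); // Servlet 3.1+: new session id after login
            session.setAttribute(USER, req.getRemoteUser());
            // 303 See Other: browser fetches the original URL with GET, so the
            // page never sees the login POST.
            res.setStatus(HttpServletResponse.SC_SEE_OTHER);
            res.setHeader("Location", target != null ? target : ctx + "/");
            return;
        }
        if (session.getAttribute(USER) == null) {
            String q = req.getQueryString();
            session.setAttribute(SAVED, req.getRequestURI() + (q == null ? "" : "?" + q));
            res.sendRedirect(ctx + LOGIN_PAGE);
            return;
        }
        chain.doFilter(rq, rs);
    }
}
```

The credentials still travel in a POST body, so they stay out of the web log, while the protected form page only ever receives the follow-up GET.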