-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Peter,
Peter Crowther wrote:
|> From: Christopher Schultz [mailto:[EMAIL PROTECTED]
|>
|> Tomcat goes out of its way to save the POST body. Here's the code
|> from FormAuthenticator
|
| [elided]
|
|> This method is called before the login form is sho
> From: Christopher Schultz [mailto:[EMAIL PROTECTED]
> Peter Crowther wrote:
> |> From: J. Zach [mailto:[EMAIL PROTECTED]
> |>
> |> When page2.jsp is secured in web.xml via security-constraint
> |> - transport
> |> confidential, the posted data from page1.jsp is lost on
> |> submit (it's simply mi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Peter,
Peter Crowther wrote:
|> From: J. Zach [mailto:[EMAIL PROTECTED]
|>
|> When page2.jsp is secured in web.xml via security-constraint
|> - transport
|> confidential, the posted data from page1.jsp is lost on
|> submit (it's simply missing missin
I would add if you are serious about customer confidence in your site,
the form should be encrypted on SSL in addition to the form's target. I
for one would simply go somewhere else if I was asked to enter payment
info and the form page wasn't encrypted.
--David
Peter Crowther wrote:
From:
Yeah, like Peter says. The original form is what should be under SSL,
presumably.
Chad
> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Date: Mon, 3 Mar 2008 09:17:31 +
> Subject: RE: post data lost when redirecting from http to https
>
> > From: J. Zach [ma
> From: J. Zach [mailto:[EMAIL PROTECTED]
> I have an jsp page page1.jsp with a form
>
> ...
>
> When page2.jsp is secured in web.xml via security-constraint
> - transport
> confidential, the posted data from page1.jsp is lost on
> submit (it's simply missing missing in the request).
That's expect
