-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bill,
Bill Barker wrote:
> Tomcat always sends a 302 redirect when response.sendRedirect(newURL); is
> called. However, a lot of user-agents wrongly follow the redirect with a
> GET when the initial request was a POST.
Actually, this behavior is basically grandfathered-into the HTTP
specification. See section 10.3.3 of the HTTP/1.1 spec:
"If the 302 status code is received in response to a request other than
GET or HEAD, the user agent MUST NOT automatically redirect the request
unless it can be confirmed by the user, since this might change the
conditions under which the request was issued.
Note: RFC 1945 and RFC 2068 specify that the client is not allowed
to change the method on the redirected request. However, most
existing user agent implementations treat 302 as if it were a 303
response, performing a GET on the Location field-value regardless
of the original request method. The status codes 303 and 307 have
been added for servers that wish to make unambiguously clear which
kind of reaction is expected of the client.
"
Since the servlet specification does not say which redirection code
should be used with response.sendRedirect (though it is pretty much
always implemented as a 302), you will have to use response.setHeader
and response.sendError with the code you prefer. I'm pretty sure you
want to use either 303 or 307 and not 302 due to its inconsistent
implementation.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHNyTx9CaO5/Lv0PARAgb6AKCI3eiqPBM2IQ8+XfUwxH4yNGT85QCeIGF2
G1vMEtBhAU+nJVClTOPU9JQ=
=7PAC
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
