Is there a way to keep form.vars from displaying in the url? I am making a login form, and the vars showing in the url is not a problem if the user enters the correct username and password because they are not shown in that case. However, if the user enters the wrong password, the form does not sumbit, flashes "invalid password", but it displays the wrong password in the url as:
login?pword=lorenas&_formkey=248406418902&_formname=default The incorrect password entered was lorenas. Even though there is not a real security issue here, since that is the wrong password, and if the right password is entered, it is not displayed, I still can only image the flood of email I would get from users worried that their password is displayed or stored somewhere in plain text. Is there a way to hide this extra information with routes.py? Or should I be using something other that form.vars? Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
