I have a simple form which accepts a username and a password. I have to use sendRedirect() method for the page to redirect to one page if log in is valid and to another if not. I need to use sendRedirect() and not forward() since the other pages are located in another server. I noticed that when using
response.sendRedirect(response.encodeRedirectURL("FileName.jsp?paramName=" +value));
the sendRedirect() is using the GET method since name=value are being shown in the URL. This is not desirable for me since I don't want these values to show in the URL for safety reasons.
Is there a way to POST these values using sendRedirect() ?
I tried to do a form with method POST which hides the values I need but still no luck
What can I do please? Thanks :)
No, it's not possible. The only (dirty) workaround I see is to forward to an internal page containing a hidden form (with method POST) and a JavaScript script submitting this form.
This is kinda old, but here I've succesfully run this:
response.setStatus(307); //this makes the redirection keep your requesting method as is.
response.addHeader("Location", "http://address.to/redirect");
See http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.8 for explanation of HTTP 307 status code.
use javascript
$('#inset_form').html('<form action="FlowService" name="form" method="post" style="display:none;"><input type="hidden" name="idapp" value="' + idApp + '" /></form>');
document.forms['form'].submit();
No, a HTTP redirect will always use GET for the target page.
However, POST data are not much safer than GET data anyway. The user can still tamper with them. Store them in the session instead.
Check out this once :
String url = "http://www.mysite/servlets/theServlet";
RequestDispatcher dispatcher = servletContext().getRequestDispatcher(url);
dispatcher.forward(request, response);
Use sendredirect without giving any parameters, and hide those parameters in a session-scoped servlet, and if you need those parameters in the redirected page, use them through this servlet.
