Re: [undertow-dev] FormAuthentication -> handleRedirectback method

Thinking further, this may inhibit a case of cookie injection that hacks the location url. After form authentication, the server blindly redirects to the location read from the cookie. On 12/19/2013 11:24 AM, Anil Saldhana wrote: > >Also no path is being set on the cookie. If user is using more than one > >web app with FORM authentication > >on the same server, this may wreck havoc. > > > >On 12/19/2013 11:02 AM, Anil Saldhana wrote: >> >>Stuart, >> >> I am unsure it is right to use cookies to remember the form redirect >> >>url. Traditionally, web containers (Tomcat and Jetty) have used http >> >>session to remember the redirect url. >> >> >> >>If an user has turned off cookies, then it may not work. >> >> >> >>Regards, >> >>Anil > >