in reply to How can I prevent login information from appearing in the URL?
Try using a POST and a cookie: once they log in through
a POST request (which has no information in the URL), set a
cookie with the login information. Then, on subsequent pages,
you can still use simple HREF's to go to other scripts,
and the login information will be sent via the browser, but
not show in the URL. If you are not using cookies, just
continue to use POST and throw the login information
into a hidden form. A smart script would even figure out
if you are using cookies and write the page with
either normal HREF's or POST-HIDDEN-SUBMIT combos.
|