stephen.carville at gmail.com
Thu Mar 6 16:15:57 EST 2008
On Fri, Feb 8, 2008 at 7:24 AM, Michael Peters <mpeters at plusthree.com> wrote:
> Stephen Carville wrote:
> > Seems to me it makes more sense to embed the session ID or any other
> > tracking as hidden variables in a form and send it back as a POST.
> This assumes then that every request you make is now a post request. Which means
> not more <a> links, just forms. And this also breaks REST style apps (and really
> anything that tries to have meaningful HTTP semantics) since POST requests are
> for things that could change the data server-side and GET requests are for
> anything that won't (idempotent). In this day and age you really have to expect
> long term, but why should anyone object to memory-only cookies?
I see your point. I was thinking about a sequence of forms where
catching a replay is important. Like changing passwords or entering
financial information. Obviously the normally stateless HTTP
documents don't need that.
More information about the cgiapp