* Terrence Brannon <[EMAIL PROTECTED]> [2005-09-04 03:15]: > To me, that means "no cookies". But your discussion of 401 and > 403 would imply such a mechanism for recognizing who made the > request?
I do (still?) use cookies. I’m still learning. :-) And several of my apps are already modelled the “old” way. I’m rolling them over slowly. Just two weeks or so ago I mentioned an URL `/edit/user/12` on this list; now that is `/user/12?view=edit`, with the POST going to `/user/12`. I’ve found that following REST principles (even only partially) has made the HTTP-side interface of my apps self-evident. Previously, I guessed a lot. Now, the separations are obvious. I like that. 401 vs 403 still holds, though – it would apply just the same if I used HTTP authentication. (Ie no auth headers => 401, auth headers for an account with insufficient permissions => 403.) Regards, -- Aristotle Pagaltzis // <http://plasmasturm.org/> ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ cgi-prototype-users mailing list cgi-prototype-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cgi-prototype-users