On Fri, Feb 8, 2008 at 7:24 AM, Michael Peters <[EMAIL PROTECTED]> wrote:
> Stephen Carville wrote:
>
>  > Seems to me it makes more sense to embed the session ID or any other
>  > tracking as hidden variables in a form and send it back as a POST.
>
>  This assumes then that every request you make is now a post request. Which
>  means no more <a> links, just forms. And this also breaks REST style apps
>  (and really anything that tries to have meaningful HTTP semantics) since
>  POST requests are for things that could change the data server-side and GET
>  requests are for anything that won't (idempotent). In this day and age you
>  really have to expect your users to use cookies. I can understand people not
>  wanting to be tracked long term, but why should anyone object to memory-only
>  cookies?

I see your point.  I was thinking about a sequence of forms where
catching a replay is important.  Like changing passwords or entering
financial information.  Obviously the normally stateless HTTP
documents don't need that.

--
Stephen Carville

#####  CGI::Application community mailing list  ################
##                                                            ##
##  To unsubscribe, or change your message delivery options,  ##
##  visit:  http://www.erlbaum.net/mailman/listinfo/cgiapp    ##
##                                                            ##
##  Web archive:   http://www.erlbaum.net/pipermail/cgiapp/   ##
##  Wiki:          http://cgiapp.erlbaum.net/                 ##
##                                                            ##
################################################################
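
An added example, not part of the original thread and not CGI::Application code: one way to combine the two positions above, keeping the session ID in a memory-only cookie and putting a single-use token in a hidden field only on the forms where a replay matters. It is written in Python to stay framework-neutral; FormTokens, the field name form_token, the step name and the session IDs are all hypothetical.

```python
import hmac
import secrets
import time


class FormTokens:
    """Single-use tokens for hidden form fields, keyed by (session, form step)."""

    def __init__(self, ttl_seconds=600, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # (session_id, step) -> (token, expiry); stands in for a session store

    def issue(self, session_id, step):
        """Mint the value to render as <input type="hidden" name="form_token">."""
        token = secrets.token_urlsafe(32)
        # Re-rendering a step replaces the older token, so only the latest form is valid.
        self._pending[(session_id, step)] = (token, self._clock() + self._ttl)
        return token

    def consume(self, session_id, step, submitted):
        """Return True once per issued token; replayed, expired and foreign tokens fail."""
        # Pop before checking: every issued token gets exactly one attempt.
        entry = self._pending.pop((session_id, step), None)
        if entry is None:
            return False
        token, expiry = entry
        if self._clock() > expiry:
            return False
        return hmac.compare_digest(token.encode(), str(submitted).encode())


def demo():
    """Constructed walk-through: a password-change POST, then the same POST replayed."""
    tokens = FormTokens()
    session = "sess-A"  # constructed; would come from the memory-only session cookie
    hidden = tokens.issue(session, "change_password")
    first = tokens.consume(session, "change_password", hidden)   # legitimate submit
    replay = tokens.consume(session, "change_password", hidden)  # same body sent again
    foreign = tokens.issue("sess-B", "change_password")
    tokens.issue(session, "change_password")                     # form rendered again
    cross = tokens.consume(session, "change_password", foreign)  # another session's token
    return first, replay, cross


if __name__ == "__main__":
    print(demo())
```

Ordinary GET links need none of this; only the state-changing POST handlers call consume() before acting.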
