* Terrence Brannon <[EMAIL PROTECTED]> [2005-09-04 03:15]:
> To me, that means "no cookies". But your discussion of 401 and
> 403 would imply such a mechanism for recognizing who made the
> request?

I do (still?) use cookies.

I’m still learning. :-) And several of my apps are already
modelled the “old” way. I’m rolling them over slowly.

Just two weeks or so ago I mentioned an URL `/edit/user/12` on
this list; now that is `/user/12?view=edit`, with the POST going
to `/user/12`.

I’ve found that following REST principles (even only partially)
has made the HTTP-side interface of my apps self-evident.
Previously, I guessed a lot. Now, the separations are obvious.
I like that.

401 vs 403 still holds, though – it would apply just the same if
I used HTTP authentication. (Ie no auth headers => 401, auth
headers for an account with insufficient permissions => 403.)

Aristotle Pagaltzis // <http://plasmasturm.org/>

SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
cgi-prototype-users mailing list

Reply via email to