Christian Szardenings wrote:

Why do you recommend that? Is deleting by GET some kind of security issue? Or is it just a 'usability' improvement (e.g. don't delete 'again' when user hits the back button)?

I typically POST to /articles/delete, with id=>1234 as post data.

This gets you to the correct controller/action, and supplies via post the unique credentials of the thing I wish to delete. There is typically a redirect after this action, and a FlashMessage that propagates via a session to the next screen as a receipt of what they just did.

In most cases, a JavaScript "are you sure" confirmation suffices for me, but some might wish to take it a step further and create an action for this.

-Ralph
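
The flow described in the reply above (POST to /articles/delete with the id as post data, then a redirect and a one-time flash message), as an added example that is not part of the original thread. It is framework-independent Python; `handle`, `ARTICLES` and the session dict are hypothetical names, and the article data is constructed.

```python
from urllib.parse import parse_qs

# Constructed sample data; the route and the "id" field follow the post above.
ARTICLES = {1234: "First post", 1235: "Second post"}


def handle(method, path, body, session):
    """Handle one request; returns (status, headers, response_text)."""
    if path == "/articles/delete":
        if method != "POST":
            # Deleting changes state, so GET is refused: following a link,
            # a prefetch, or the back button can then never delete anything.
            return 405, {"Allow": "POST"}, ""
        raw_id = parse_qs(body).get("id", [""])[0]
        if raw_id.isdecimal() and int(raw_id) in ARTICLES:
            del ARTICLES[int(raw_id)]
            session["flash"] = f"Article {raw_id} deleted."
        else:
            session["flash"] = "No such article."
        # Redirect after the POST: 303 makes the browser issue a fresh GET,
        # so a reload or "back" does not resubmit the delete.
        return 303, {"Location": "/articles"}, ""
    if path == "/articles" and method == "GET":
        # The flash message is a one-time receipt: show it, then drop it.
        notice = session.pop("flash", "")
        titles = ", ".join(ARTICLES[k] for k in sorted(ARTICLES))
        return 200, {}, f"{notice}\nArticles: {titles}".strip()
    return 404, {}, ""


if __name__ == "__main__":
    session = {}
    print(handle("GET", "/articles/delete", "id=1234", session))   # refused
    print(handle("POST", "/articles/delete", "id=1234", session))  # redirect
    print(handle("GET", "/articles", "", session))                 # receipt
    print(handle("GET", "/articles", "", session))                 # no receipt
```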
