On Thu, Feb 17, 2000 at 12:12:47AM -0500, Nick Simicich wrote:
> At 06:33 PM 2/16/00 -0500, Gerald Oskoboiny wrote:
> >If you do this, please make sure the final step is done with an
> >HTTP POST, not a GET as I've seen various sites do lately.
> >
> >GETting a URL shouldn't have side effects, so if you implement it
> >as described above, the page returned by the first URL should
> >display a form with a button that can be POSTed to perform the
> >actual act of joining or leaving the list.
> >
> >An alternative is to include a small form in the email message so
> >the user can POST it directly with a single click.
>
> I can't possibly disagree with you more. A URL with some
> operands should be expected to do something. If you mark it,
> "click here to confirm", then they click here to confirm. Why
> make a user who can barely do one thing do two things? re we
> totally addiced to "Are you Sure?" boxes for everything?
You just need to make a form submit button say "Click here to confirm"
instead of a link, that's all.
> We are not writing mail for a browser here. I send my confirm
> URL's, tokens and all, as regular URLs, which default to get
> whe clicked on. If you click on a URL with a bunch of
> operands, why would you expect it not to do something?
Users shouldn't be expected to inspect the contents of URLs to
try to figure out what will happen before they click on them.
That's (one of) the reasons for the distinction between GET and
POST: the user interface is different, so users can get used to
the fact that POSTing something has side effects (like removing
them from a list), while simply following a hypertext link
doesn't.
--
Gerald Oskoboiny <[EMAIL PROTECTED]>
http://impressive.net/people/gerald/
