> > Jan suggested that I might be using GET. What I *don't* want to do is get the > webmasters upset enough that they change how the sites use security. I don't > know how it all works, and I have no idea if they can tell, but I'm just not > going to push my luck and spoil things for myself or others. Just a little insight into some simple site security techniques and why both a get and post request may both be returning data from a site. Depending on the site, it is posible that a single page will receive both get and post requests. It is a fairly common technique in ASP pages to have a single page responsible for Login, Data Entry and confirmation. (and each submit posts back to the same page) Each flavour of the page is return depending on the request type, and the value of the submit button. Normally if a get request is received or a post with an unknown form value, the login page should be returned. Another technique is to test the HTTP_REFERER value, if it does not match the existing page, the server will respond with the login part of the page. If you suspect this is happening create your own header with the correct HTTP_REFERER value, before doing the post. Cheers, Allen K
