On Sat, Jul 11, 2009 at 7:21 PM, Tres Seaver<tsea...@palladion.com> wrote:
> Iain Duncan wrote:
>> At the moment I'm going for adding the message to the redirect url as a
>> get var, ugly but easy to scale. If anyone has other suggestions for how
>> to pass it on through the HTTPFound object, I'd love to hear them. I'm
>> pretty happy that the get var method requires no sessions or cookies
>> though, and it really doesn't look all that odd:
>> /pet/1/edit?_msg="Your+changes+have+been+saved"
> You might look at the approach used by the 'statusmessages'[1] product
> for Zope2:

Since I wrote that package I might just as well state the main reason,
why Plone moved from GET variables to cookies:

Some people felt that being able to forge links like:
/front-page?_msg="Your+site+has+been+hacked+immediately+call+911 was a
security issue. Unless someone does something stupid, this is only a
social hacking problem, but it still can be seen as a problem.

We did have some concerns with internationalization of these messages
as well, but later found that the view/form/controller issuing the
message in almost all cases knows the language the target page should
be displayed in and thus can do the message translation itself.

Repoze-dev mailing list

Reply via email to