on 1/21/02 1:01 AM, "Gareth Coltman" <[EMAIL PROTECTED]> wrote:
> Agreed, but the problem here is not with people going back to pages they > have been to before, but rather going back to actions, which of course > resubmits them. > > Users think that if I am on a page, and I click a button, and it takes me to > another page, that this new page is placed in the history. But that's not > what happens - actually the action that resulted in the user ending up at > said page ends up in the history. That's what we are trying to avoid. If the data that is required to submit the action is not in the URI (as a result of POST), then the action won't execute if you code it properly. > I don't see how a redirect is any more insecure. It would obviously increase > traffic per user - and on a high volume site this could be problematic. That isn't what I was referring to regarding security. Back in the day (and still today), people often use redirects to a 'hidden' url in order to establish security and that is what I was referring to. -jon -- Standard rules apply: Ask any questions, and you get the job. ;-) -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
