[cgiapp] Persistence

[Stephen Carville]

On Fri, Feb 8, 2008 at 7:24 AM, Michael Peters <mpeters at plusthree.com> wrote:
> Stephen Carville wrote:
>
>  > Seems to me it makes more sense to embed the session ID or any other
>  > tracking as hidden variables in a form and send it back as a POST.
>
>  This assumes then that every request you make is now a post request. Which means
>  not more <a> links, just forms. And this also breaks REST style apps (and really
>  anything that tries to have meaningful HTTP semantics) since POST requests are
>  for things that could change the data server-side and GET requests are for
>  anything that won't (idempotent). In this day and age you really have to expect
>  your users to use cookies. I can understand people not wanting to be tracked
>  long term, but why should anyone object to memory-only cookies?

I see your point.  I was thinking about a sequence of forms where
catching a replay is important.  Like changing passwords or entering
financial information.  Obviously the normally stateless HTTP
documents don't need that.

--
Stephen Carville