[Catalyst] How to detect if the current form request is a post?
David Dorward
david at dorward.me.uk
Wed Apr 1 13:12:22 BST 2009
kakimoto at tpg.com.au wrote:
> Read my response. I said
>
> 1) POST is the preferred method
>
Not according to the standard. Everything has its place.
> 2) using GET for a content sensitive site like an online banking site is
> bad. I'm sure you would not want to have people bookmarking your
> session ID, or worse, the user credentials used to login and access
> certain pages which are private to the authorised user.
>
The session id shouldn't be in the URI, that's what cookies are for.
Authentication credentials are an exception to the normal guideline.
But everything else? Why shouldn't I bookmark the "latest transactions"
page of my credit card account? Or the "Give me a form so I can pay my
electricity bill" page?
--
David Dorward