Re: Re[2]: Rp.: Re: Rp.: Re: [Phplib-users] Doc suggestions
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: Re[2]: Rp.: Re: Rp.: Re: [Phplib-users] Doc suggestions
|
From: Guillaume D. <gde...@pr...> - 2002-07-09 10:06:59
|
> Ok, but what to do with hiddens in GET forms? SID is appended to the > URL anyway, from the action attribute or from a hidden field. > Amazon even do not use GET parameters - it injects the SID into > url in the way http://www.amazon.com/...path.../...SID../...etc... end > extracts SID from path. > There are a lot of ways to save SID in URL - one could use DNS tricks > (e.g. http://sessionID.www.server.com), PATH_INFO (like Amazon does), GET > parameters. All the tricks imply URL rewriting. > Of course, there's not a big deal to implement a POST fallback > method (I did) - you should rewrite all links to POST forms at the > server, or use client-side onClick event to generate POST forms from > links on the fly and really POST them instead of just following the > links. But I suppose It would be users' nightmare - the Back/Forward > buttons would become useless. Of course, SID should be included I'm totally agree with you. I just wanted to precise this particular point > GD> It's more clearly to write : <form action="toto.php" > method="post">><input type="hidden" name="SID" > GD> value="fdsfsdfdsfdfsfdsfsdf"> than to write <form > GD> action="toto.php?SID=dsfdsfsdfdsfdssf" method="post"> ... doing this > GD> works... but it's not a good way to program IMHO... mixing GET and POST > GD> variables in the same request... hurk... ;-) > > No one does. Unfortunately there are "morons" to do that... I've seen this kind of ugly code many times in web application (especially in caddy routine...) > Embedding hidden field with SID into any form (POST or > GET) is sufficient. Only local relative links (<a href=/some/page) and > redirects are usually being rewrote. I'm agree also.... |
