|
Posted by Joseph S. on 10/22/32 11:28
> Well, the pain of passing variables between pages is less than that of
> dealing with session issues. If you bundle the search criteria in an
> associative array, appending them to a URL isn't that hard.
>
> I'm mentioning this because I use Firefox's tabs extensively. Given a
> list of search results I'd almost inevitably center-click on the items
> of interest to view them in separate tabs (so I can quickly jump
> between them). Using session for passing variables would lead to very
> odd behaviors in this scenario.
I was taking the line Bob was - sessions for better security - till I
read your explanation about why GET is useful - bookmarking, users not
repeating searches etc. Very correct,indeed. But people learn how to
rewrite urls quite easily these days. For example you will have so many
people writing
http://www.google.com/search?my+search+term&hl=en while referring to
specific searches. How does one handle security in such cases. Yes,
encypted cookies stored on the users computer seem to be the best. Am I
right here?(or are there loopholes here as well?) What I can make out
from the two counterpoints is that if you have a section of your site
that gives just information and users need to enter parameters (and
naturally, returning users need to remember searches and bookmark
pages), use GET for that section, whereas, for the section where you
have to accept payments, use POSTs. What do you think?
Also, I have a related problem: even for a POST, Firefox(which is my
favorite as well) displays
http://mysite.com/myfile.php?PHPSESSID=28dfec3d14422ddfd38a0b096bb73d05
in the URL which is disturbing to say the least after you've spent a
lot of time making a session-oriented application.
What do you to prevent that?
Open to ideas and suggestions,
Regards,
Joseph S.
Navigation:
[Reply to this message]
|