[7068] in www-talk@info.cern.ch
Re: Resubmitting POSTS (Was Re: Proxies changing POST to GET?)
daemon@ATHENA.MIT.EDU (Joel Crisp)
Sat Dec 31 18:30:40 1994
Date: Sun, 1 Jan 1995 00:15:22 +0100
Errors-To: listmaster@www0.cern.ch
Reply-To: Joel.Crisp@bristol.ac.uk
From: Joel Crisp <Joel.Crisp@bristol.ac.uk>
To: Multiple recipients of list <www-talk@www0.cern.ch>
> From www-talk@www0.cern.ch Wed Dec 21 09:30 GMT 1994
> Date: Wed, 21 Dec 1994 10:23:42 +0100
> Originator: www-talk@info.cern.ch
> From: Mark J Cox <M.J.Cox@bradford.ac.uk>
> To: Multiple recipients of list <www-talk@www0.cern.ch>
> Subject: Resubmitting POSTS (Was Re: Proxies changing POST to GET?)
> X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
> X-Comment: To sign off, send mail to listproc@info.cern.ch with body DEL
> WWW-TALK
> Mime-Version: 1.0
> Mime-Version: 1.0
>
> Ari Luotonen wrote:
> > This is because some clients don't use POST correctly when reloading the
> > page, but use GET instead; NCSA Mosaic definitely has this bug,
>
> This implies that reloading a page should POST the original data again:
> not such a great idea if a user has just submitted an order and ends up
> making several identical orders.
However, resubmitting the data IS a good idea if the first submit fails
because of authentication. For a long time there has been a bug in
several browsers which flushes POST data after the first transaction,
and fails to re-send it with the authentication data. I believe that
this has now been fixed in NCSA Mosaic.
POST is also much more suited to uploading LARGE sets of data - I believe
the total length of a GET URL is limited to 512 (?) characters.
>
> The HTTP spec gives a number of example uses for the POST method including
> annotation, posting a message, submitting a block of data - things you
> would only want to do once. Usually the method=GET is used when you
> don't mind having the same thing submitted multiple times with a reload.
>
> It isn't in any specs, so what is the expected action?
>
> Do a GET on the same URL? (broken browsers do this now)
> Disable the ability to Reload the page?
> Ask the user if they want to resubmit the POST? (Netscape now does)
> Resubmit the Post anyway? (Netscape used to)
>
> In the latter case sites that accept forms will have to watch out for
> identical copies or implement some hidden session numbers.
>
> Mark
> Mark J Cox ---------------------- URL:http://www.eia.brad.ac.uk/mark.html
> University of Bradford, UK --------------- tel +44.1274.384070/fax 391333
>
>
Joel
