tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andreas PrieƟ ...@metaphysis.net>
Subject Re: [OT] GET-then-redirect 'reload' behavior
Date Sat, 07 Apr 2007 13:24:48 GMT
Zitat der eMail vom 06.04.2007 um 12:41 Uhr:
> I recently discovered that a redirect-after-GET does not offer this
> protection. I have a link on one page that duplicates the current
> record, then does a redirect to the "view record" page displaying the
> new record.

> Any other ideas or thoughts?

As far as I know, with this kind of action performed on a GET request,
you always have the possibility of unintentionally duplicated records.

I think the HTTP spec says that there should be _no_ change of status
performed on a GET request - GET should alwasy be repeatable without
danger. For actions like yours, that's what other HTTP commands like
POST and PUT are for.

Because of that, some browser or cache utility may always prefetch pages
reachable per GET request - resulting in unwanted action on your side.
Even search engines will trigger actions if such a page is public. Or
think of someone setting up a local search engine also...

Just keep that in mind or correct me if I'm wrong.


Andreas

Mime
View raw message