> > Or is it just "hitting" -- making an hidden HTTP GET request of each > > token in the "ping" attibute? > > Right. Hidden HTTP POST request, as it happens, but yes. Oh, that really shouldn't be done via POST. Clicking a link should be safe and sending a POST as a side-effect is not safe.