[whatwg] page refresh and resubmitting POST state

Mike Wilson mikewse at hotmail.com
Sun May 24 09:41:13 PDT 2009


Kornel Lesinski wrote:
> Is it possible for HTML 5 spec to say that browsers may 
> re-send PUT without asking?

It sounds like you are starting to agree with me that topics
like these could deserve a place in the HTML5 spec :-)

Aryeh Gregor wrote:
> On Sun, May 24, 2009 at 11:41 AM, Kornel Lesinski 
> <kornel at geekhood.net> wrote:
> > You store the data on server side, and redirect to URL that 
> > contains unique ID for this data.
> >
> > It's just a few lines in PHP (and similar solutions shuold 
> > be possible in all web frameworks):
> >
> > $id = uniqid();
> > $_SESSION[$id] = $_POST;
> > header("Location: [.]/result.php?id=$id",false,303);
> >
> > and later:
> >
> > $_POST = $_SESSION[$_GET['id']];
> >
> > This works even for multiple submissions done in parallel 
> > and it's pretty
> > secure and tamper-proof.
> 
> That does seem like a pretty good solution.  Perhaps Mike Wilson can
> point out the problems with it.

In an earlier mail I was referring to this solution as 
"conversation id in URL", and yes, there are drawbacks
with this as well.

Best regards
Mike




More information about the whatwg mailing list