Re: Possible optimization to State-Info proposal

Dave Kristol:
>
>koen@win.tue.nl (Koen Holtman) wrote:
    [... about the meaning of `idempotent'....]
>  > From this, I read that:
>  >  - GET and HEAD are defined to be the idempotent methods
>  >  - idempotent means `safe'.
>
>Sorry to be a pain, but what do you mean by "safe"?  This is the
>philosophical vs. operational divide.  The definition so far has been
>operational:  GET and HEAD are idempotent; they have no side-effects.

My operational definition is: GET and HEAD are idempotent.

The `no side-effects' in the spec is also a philosophical statement, see the
last paragraph of the `idempotent methods' section.  A side effect like
incrementing a page counter is allowed.

> What is the
>philosophical definition, in the context of WWW?

The philosophical definition of `idempotent' is: if I let my browser issue a
non-idempotent request on an URI, I can expect to get no side effects that
have an unexpected significance to me or others.

What this means is that server administrators may not put scripts that send
mail, post news, cause products to be ordered, cause me to be subscribed to
a mailing list, behind idempotent URI's.  Such scripts should be put behind
non-idempotent URI's.

The main reasoning behind this philosophical definition is:

 If www.blah.com puts an `auto-subscribe to our junkmail list` function
 behind a GET in http://www.blah.com/iwantjunkmail, some joker on foo.edu
 will start putting <img src=http://www.blah.com/iwantjunkmail> on
 a totally unrelated page like http://foo.edu/~joker/barney.html.


>Dave Kristol

Koen.

Received on Wednesday, 30 August 1995 02:44:55 UTC
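
The point about the <img> tag, as an added example that is not part of the original message: a constructed WSGI handler for a hypothetical /iwantjunkmail endpoint, built once with the subscription behind GET and once with it behind POST only. The function names, the in-memory subscriber set and the address 192.0.2.10 are assumptions made for the illustration.

```python
# Added example: constructed WSGI handlers, not code from the thread.
from wsgiref.util import setup_testing_defaults

def make_app(safe_methods_have_effects):
    """Return (app, subscribers) for a hypothetical /iwantjunkmail endpoint."""
    subscribers = set()

    def app(environ, start_response):
        method = environ["REQUEST_METHOD"]
        addr = environ.get("REMOTE_ADDR", "unknown")
        if method == "POST" or (safe_methods_have_effects and method == "GET"):
            subscribers.add(addr)          # the significant side effect
            start_response("200 OK", [("Content-Type", "text/plain")])
            return [b"subscribed\n"]
        if method in ("GET", "HEAD"):
            # Safe methods only describe the action; they never perform it.
            start_response("200 OK", [("Content-Type", "text/html")])
            body = b'<form method="POST"><input type="submit" value="Subscribe"></form>\n'
            return [] if method == "HEAD" else [body]
        start_response("405 Method Not Allowed", [("Allow", "GET, HEAD, POST")])
        return [b""]

    return app, subscribers

def request(app, method, remote_addr="192.0.2.10"):
    """Drive the app with a constructed request; return the status line."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/iwantjunkmail",
               "REMOTE_ADDR": remote_addr}
    setup_testing_defaults(environ)    # fills in the remaining WSGI keys
    seen = {}
    def start_response(status, headers):
        seen["status"] = status
    list(app(environ, start_response))
    return seen["status"]

def image_fetch_subscribes(safe_methods_have_effects):
    """True if a browser's automatic GET (as for an <img> tag) adds a subscriber."""
    app, subscribers = make_app(safe_methods_have_effects)
    request(app, "GET")
    return len(subscribers) > 0

if __name__ == "__main__":
    print("action behind GET :", image_fetch_subscribes(True))
    print("action behind POST:", image_fetch_subscribes(False))
```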