W3C home > Mailing lists > Public > public-evangelist@w3.org > June 2007

About redirections...

From: sebastian nielsen <sebastiannielsen@hotmail.com>
Date: Tue, 26 Jun 2007 16:47:00 +0000
Message-ID: <BAY106-W12FD22171FF632515F284DCD0B0@phx.gbl>
To: <public-evangelist@w3.org>
About this page: http://www.w3.org/QA/Tips/reback
 
 
A problem with the "standard" redirects is that they resubmit any information that are submitted to a page that redirects.
For example:
 
Page showing login form = A
Page where information is posted = B
Page that the user should go to after login = C (suppose this is a third party site)
 
The problem here, is that when a user logons with the form on page A, the data gets then sent as supposed to
page B. But then page B issues a "standard redirection" to page C. The browser will then resubmit the login
information to page C. This is not what a webmaster wants if the C-page is a third party page that only should get a "identifyer" that a user has logged in, not which username and password the user has on site B.
 
Some browser has a setting to turn off redirection for POST requests. But that setting completely disables the redirection HTTP codes for POST request which means that the user will see a error message, or a blank page, depending on which browser is used.
 
If META refreshes is used, the form information isnt redirected.
_________________________________________________________________
Skaffa nya Windows Live Messenger!
http://get.live.com/messenger/overview
Received on Wednesday, 27 June 2007 18:12:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 15 July 2011 00:13:23 GMT