W3C home > Mailing lists > Public > public-evangelist@w3.org > June 2007

About redirections...

From: sebastian nielsen <sebastiannielsen@hotmail.com>
Date: Tue, 26 Jun 2007 16:47:00 +0000
Message-ID: <BAY106-W12FD22171FF632515F284DCD0B0@phx.gbl>
To: <public-evangelist@w3.org>
About this page: http://www.w3.org/QA/Tips/reback
A problem with the "standard" redirects is that they resubmit any information that are submitted to a page that redirects.
For example:
Page showing login form = A
Page where information is posted = B
Page that the user should go to after login = C (suppose this is a third party site)
The problem here, is that when a user logons with the form on page A, the data gets then sent as supposed to
page B. But then page B issues a "standard redirection" to page C. The browser will then resubmit the login
information to page C. This is not what a webmaster wants if the C-page is a third party page that only should get a "identifyer" that a user has logged in, not which username and password the user has on site B.
Some browser has a setting to turn off redirection for POST requests. But that setting completely disables the redirection HTTP codes for POST request which means that the user will see a error message, or a blank page, depending on which browser is used.
If META refreshes is used, the form information isnt redirected.
Skaffa nya Windows Live Messenger!
Received on Wednesday, 27 June 2007 18:12:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:16:20 UTC