david-b at pacbell.net
Thu Jun 24 21:59:25 BST 1999
John Cowan wrote:
> Richard Tobin wrote:
> > > That *is* supposed to be a rule: that you can GET the same URL
> > > as many times as you want with no changes. Otherwise caching
> > > would not work.
> > Surely the whole mechanism of HTTP "if-modified-since" and "expires"
> > headers exists because this is not true?
> I overstated my case. What I meant was that the *very act* of
> doing a GET is not supposed to change anything. Obviously the
> *result* of doing a GET may change over time.
Correction appreciated ... :-)
To nuance it just a bit more: GET is supposed to be repeatable
pretty much any way a web user agent wants, so it must meet two
(a) be "idempotent" ... the cache control and conditional
get facilities don't fight that (very much) if you
consider examples like getting balances or quotes;
(b) not involve an action involving accountability ... so
it's extremely unhealthy to use a "GET" to purchase
something on-line, or sign a document, etc.
See the HTTP/1.1 specification for the details. (I don't think
it mentions the security risks of having sensitive data living
in query params, though -- it can be logged and passed to other
web sites through "Referer" header fields.)
With respect to identity -- yes, what something "is" appears to
be a function of what you're trying to do with it. If all you've
got is a hammer, everything's a nail (as they say). A POST to a
URL, or a PUT, can give different results than a GET to it. It'd
be bad to settle on a notion of identity that assumes only GET is
used on the web!
xml-dev: A list for W3C XML Developers. To post, mailto:xml-dev at ic.ac.uk
Archived as: http://www.lists.ic.ac.uk/hypermail/xml-dev/ and on CD-ROM/ISBN 981-02-3594-1
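The logging and "Referer" exposure mentioned in the message above, shown as an added example that is not part of the original post: an audit of web server access log lines for sensitive query parameters that ended up in GET request lines or in Referer fields, plus a redaction helper for log pipelines. The combined log format, the list of sensitive parameter names, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed parameter names treated as sensitive; adjust for the application.
SENSITIVE = {"password", "passwd", "token", "sessionid", "card", "ssn"}

# "Combined" access log format: request line, status, size, referer, agent.
LINE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def sensitive_params(url):
    """Return the sorted sensitive parameter names found in a URL's query string."""
    query = urlsplit(url).query
    return sorted({k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)
                   if k.lower() in SENSITIVE})

def redact(url):
    """Replace the values of sensitive query parameters with a fixed marker."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def audit(lines):
    """Yield (line_no, where, params) for each exposure found in the log lines."""
    for no, line in enumerate(lines, 1):
        m = LINE.search(line)
        if not m:
            continue  # not a combined-format line; skip it
        if m["method"] == "GET" and (hit := sensitive_params(m["target"])):
            yield no, "request", hit   # secret stored in our own access log
        if hit := sensitive_params(m["referer"]):
            yield no, "referer", hit   # secret passed along in a Referer field

# Constructed sample log lines (not from any real system).
SAMPLE = [
    '192.0.2.10 - - [24/Jun/1999:21:59:25 +0100] "GET /balance?acct=42&token=abc123 HTTP/1.1" 200 512 "-" "ua"',
    '192.0.2.11 - - [24/Jun/1999:22:00:01 +0100] "GET /logo.gif HTTP/1.1" 200 900 "http://shop.example/pay?card=4111&item=7" "ua"',
    '192.0.2.12 - - [24/Jun/1999:22:00:09 +0100] "POST /login HTTP/1.1" 302 0 "http://shop.example/" "ua"',
]

if __name__ == "__main__":
    for no, where, params in audit(SAMPLE):
        print(f"line {no}: sensitive {params} in {where}")
```

Findings of the "referer" kind are the ones that reach other sites; moving the value into a POST body removes it from both the request line and any later Referer field.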