[thelist] CF: CFHHTP Problem

.jeff jeff at members.evolt.org
Thu Jan 17 17:07:12 CST 2002


frank,

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: Frank
>
> > i think you may be confused by what <cfhttp> actually
> > does.
>
> Yes, it would appear so.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

i thought as much.  has some of my explanations helped in that regard?

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> > this will occur sometimes when you're performing a
> > cflocation to a destination that has the same address
> > as the original document containing the cflocation.
> > this is most commonly exhibited in nn3/4.
>
> That would seem to be the case. I was posting a form
> using POST, and then upon reload, cflocating after in
> insert.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

ok, is the url the same for in the cflocation as it is from the page that
the form is posted from?  if so, this is where your problems lie.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> It was a switch over from POST to GET that got me the
> 302. (Which the latest version of NN and IE both choked
> on [as they should]).
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

actually, i can't ever recall having that problem with ie, only nn4.  fwiw,
it has zero to do with switching from one request method to another.  lemme
draw out how the request works.

 get:   page_with_form.cfm
        - user fills out form
        - user clicks submit button
        - form is posted
post:   page_that_does_insert.cfm
        - data is validated
        - data is inserted
        - cflocation to page_with_form.cfm
            which sends a 302 object moved,
            the url of the new document, and
            halts further execution of the template
            page_that_does_insert.cfm
[this is where nn4 is choking cause when it sees the 302 object moved it
should perform the redirect automatically]
get:    page_with_form.cfm
        - browser automatically follows the
          302 object moved and requests the
          page defined in the location header.

notice the browser is actually making two requests (first the post, then the
get) to get back to page_with_form.cfm.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> Can you (or someone, anyone) offer a way of creating a
> redirect that uses POST, rather than GET while
> permitting the passing of form.variables?
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

you're going to hate this ... you can't perform a redirect *and* post form
data, presumably because that could be used to compromise the user's
security.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> The reason I would prefer this as an option is that I've
> always felt that an app that suddenly displays a big-ass
> ugly URL in the middle of what is typically an elegant
> app is uncalled for. It does as well have a modicum of
> security added insofar as making the would-be hacker go
> an extra step before altering values passed between
> scripts. Internally used variables should never appear
> in the URL bar if it can be avoided.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

i can agree with most of what you're saying.  however, this begs a couple of
questions.  how do you handle regular navigation between different sections
of the site?  does every user action perform a post?  or, do only certain
actions?

additionally, how do you handle maintaining sessions?  do you rely on
cookies?  what if the user doesn't support cookies?  do you then use the url
to pass the session identifier around?

in all honesty, i don't think you're going to get around passing things in
the url.  the best you can do is try to keep it as short as possible.  the
*shortest* i've been able to create are done using directory-style query
strings (http://www.mtbachelor.com/ -- yes, the directory paths are query
strings values, not actual directories.  this is *not* a static html site.)

good luck,

.jeff

http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/






More information about the thelist mailing list