At 02:58 AM 9/17/2004, Gordon JC Pearce wrote:
> Now, if you want the server to have some idea of where
> a given client has come from *within your own site*, you can either fake it with hidden
> form fields (not always possible, but worth a try), a big long identifier in the GET
> request (ugly, and prone to error)

And those big long GET/PUT make it much easier for a sniffer on
your network (or along your path) to see your identifiers. :-)
I was travelling a minor auction site the other day, and noticed
that it was keeping state - including my password, in plaintext -
in its stateful URL.
- John
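
Added example, not part of the original message: one way to find the exposure described above is to scan web server access logs for request URLs whose query string carries credentials or session state, reporting them with the values redacted. The parameter-name list and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Query parameter names treated as sensitive (assumed list; tune per application).
SENSITIVE_NAMES = {"password", "passwd", "pass", "pwd", "secret", "token",
                   "session", "sessionid", "session_id", "sid", "auth"}

# Request line inside a common-log-format entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def sensitive_params(target):
    """Names of query parameters in a request target that look like secrets."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [name for name, _ in pairs if name.lower() in SENSITIVE_NAMES]

def redact(target):
    """Same request target with sensitive values replaced, safe to put in a report."""
    parts = urlsplit(target)
    pairs = [(n, "REDACTED" if n.lower() in SENSITIVE_NAMES else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def scan(log_lines):
    """Return (line number, method, sensitive names, redacted target) per finding."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a parseable request line
        names = sensitive_params(m["target"])
        if names:
            findings.append((lineno, m["method"], names, redact(m["target"])))
    return findings

# Constructed sample log lines (documentation addresses, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Sep/2004:02:58:00 +0000] '
    '"GET /bid?item=4471&user=jdoe&password=hunter2 HTTP/1.0" 200 512',
    '192.0.2.10 - - [17/Sep/2004:02:58:05 +0000] '
    '"GET /images/logo.gif HTTP/1.0" 200 2048',
    '192.0.2.11 - - [17/Sep/2004:02:59:12 +0000] '
    '"GET /list?page=2&sessionid=ab12cd34 HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for lineno, method, names, target in scan(SAMPLE_LOG):
        print(f"line {lineno}: {method} {target} exposes {', '.join(names)}")
```

The same URLs also end up in proxy logs, browser history and Referer headers, so a finding here means the value should be moved out of the URL and rotated.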