GETs and POSTs are defined to be fairly different actions. I'd read 
http://www.w3.org/DesignIssues/Axioms.html, which is stated to be Tim 
Berners-Lee's personal opinion, but I suspect is fairly close to how 
many others in the HTTP standards community see it. GETs are for 
requests that will not change the resource in question (and can be 
safely bookmarked), POSTs are for requests that will change something 
(and should not be bookmarked).

I have to say, also, that putting session variables into the query 
string causes all sorts of problems for people who are using URIs to 
track resources. For example, if you had two URIs that point to the 
same story but for different users:

http://mysite.com/story.rhtml?story=1234&session=kjasdfhjkasdfghj
http://mysite.com/story.rhtml?story=1234&session=uiyqwrejhbvzxc

then this makes it much harder for anybody who's trying to use URIs to 
track resources. The two URIs above point to pretty much the same 
resource, but there's really no generic way for software to know that.

For example, Technorati uses URIs to track discussions about blog 
posts, so using those session ids in the query string will cause it to 
have problems identifying the two URIs as the same item. Similarly, I 
use referrer logs to roll my own "trackbacks", so that people visiting 
my blogs can have pointers to sites that are talking about the blog 
entry in question. Putting session ids in URIs causes this task to be 
significantly slower.

The best rule of thumb about URI design, and POSTs vs. GETs is: Can 
this be bookmarked and emailed to a friend? If session ids encapsulate 
personal info (shopping cart, personal preferences, etc.) then they 
shouldn't be in a GET query string. What happens if I email an article 
about a resource to a friend, he clicks on the link and the site says 
"Welcome Francis"?

Francis Hwang
http://fhwang.net/




On Dec 22, 2004, at 9:38 PM, mde / state26.com wrote:

> First of all, I think it would be great, as Eustaquio suggests, to
> be able to distinguish between CGI GET and POST vars.
>
> However, having said that, as a Web programmer who started
> work mostly with ASP/PHP and now work with Ruby and Perl,
> I have to say that the biggest deficiency in cgi.rb is that
> using POST method makes variables disappear completely from
> the query string of the processing file (i.e., the "action"
> property of the Web form).
>
> It is common practice in Web programming to pass non-changing
> values (like a session ID) around on the query string in an
> automated fashion, even if posting a form (e.g.,
> <form method="POST" action="proc.rbx?sessionid=adsfasdf2112">).
>
> In the Web programming languages that a lot of people start out
> on, there is one single place to look for all data coming back
> to the processing page (PHP's $_REQUEST and ASP's Request).
> This is farily intuitive, and only becomes an issue when
> you make the bonehead mistake of using two identically named
> variables -- and as long as rules of precence are documented
> (i.e., GET before POST), it's not usually a big issue, in
> my experience.
>
> I have a feeling there will be more and more Web programmers
> like me who will be trying out Ruby, and unless there is some
> specific reason to make it an exclusive 'either/or' choice,
> it might be nice if cgi.rb acted as intuitively for Web
> programmers as the rest of Ruby does.
>
> Again, I think Eustaquio has a good idea -- but for me the
> biggest issue is that vanishing query string.
>
> bollowing is a patch I've been using for awhile with cgi.rb
> languages
> to keep query string variables from disappearing when I use a
> POST. I'd love to know if there's a better or 'more Rubyish'
> way to do it.
>
> Thanks.
>
>
> Matthew
>
> --- cgi.rb      2004-11-01 17:49:15.000000000 -0600
> +++ cgi.rb.new  2004-12-22 22:30:00.000000000 -0600
> @@ -1102,24 +1102,28 @@
>          @multipart = true
>          @params = read_multipart(boundary, 
> Integer(env_table['CONTENT_LENGTH']))
>        else
> -        @multipart = false
> -        @params = CGI::parse(
> -                    case env_table['REQUEST_METHOD']
> -                    when "GET", "HEAD"
> -                      if defined?(MOD_RUBY)
> -                        Apache::request.args or ""
> -                      else
> -                        env_table['QUERY_STRING'] or ""
> -                      end
> -                    when "POST"
> -                      stdinput.binmode if defined? stdinput.binmode
> -                      
> stdinput.read(Integer(env_table['CONTENT_LENGTH'])) or ''
> -                    else
> -                      read_from_cmdline
> -                    end
> -                  )
> +          allparams = ''
> +            case env_table['REQUEST_METHOD']
> +              when "GET", "HEAD", "POST"
> +                if defined?(MOD_RUBY)
> +                  allparams += (Apache::request.args or '')
> +                else
> +                  allparams += (env_table['QUERY_STRING'] or '')
> +                end
> +                if env_table['REQUEST_METHOD'] == 'POST'
> +                  if not allparams.empty?
> +                    allparams += '&'
> +                  end
> +                  stdinput.binmode if defined? stdinput.binmode
> +                  allparams += 
> (stdinput.read(Integer(env_table['CONTENT_LENGTH'])) or '')
> +                end
> +              else
> +                allparams = read_from_cmdline
> +              end
> +          @multipart = false
> +          @params = CGI::parse(allparams)
>        end
> -
> +
>
>        @cookies = CGI::Cookie::parse((env_table['HTTP_COOKIE'] or 
> env_table['COOKIE']))
>      end
>      private :initialize_query
>
>
>
>
>
>