On Sat, Jul 11, 2009 at 7:21 PM, Tres Seaver<tsea...@palladion.com> wrote:
> Iain Duncan wrote:
>> At the moment I'm going for adding the message to the redirect url as a
>> get var, ugly but easy to scale. If anyone has other suggestions for how
>> to pass it on through the HTTPFound object, I'd love to hear them. I'm
>> pretty happy that the get var method requires no sessions or cookies
>> though, and it really doesn't look all that odd:
>>
>> /pet/1/edit?_msg="Your+changes+have+been+saved"
>>
> You might look at the approach used by the 'statusmessages'[1] product
> for Zope2:

Since I wrote that package, I might just as well state the main reason
why Plone moved from GET variables to cookies:

Some people felt that being able to forge links like:
/front-page?_msg="Your+site+has+been+hacked+immediately+call+911"
was a security issue. Unless someone does something stupid, this is only a
social hacking problem, but it still can be seen as a problem.

We did have some concerns with internationalization of these messages
as well, but later found that the view/form/controller issuing the
message in almost all cases knows the language the target page should
be displayed in and thus can do the message translation itself.

Hanno
_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev
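
The difference between the two approaches discussed in this thread, as an added example that is not code from the 'statusmessages' package or from either poster: with a GET variable the displayed text comes from whatever link was followed, while with a cookie the redirecting view sets the message and the target page ignores the query string. The cookie name `statusmsg` and all function names are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, quote, unquote, urlsplit

COOKIE = "statusmsg"  # hypothetical cookie name


def message_from_get(url):
    """GET-variable approach: the page displays whatever the link carries."""
    return parse_qs(urlsplit(url).query).get("_msg", [None])[0]


def redirect_with_message(location, message):
    """Headers for a redirect that carries the message in a cookie instead."""
    cookie = SimpleCookie()
    cookie[COOKIE] = quote(message, safe="")  # percent-encode for the header
    cookie[COOKIE]["path"] = "/"
    cookie[COOKIE]["httponly"] = True
    return [("Location", location),
            ("Set-Cookie", cookie[COOKIE].OutputString())]


def pop_message(cookie_header):
    """Target page: read the message once, then expire the cookie."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    if COOKIE not in cookie:
        return None, []
    message = unquote(cookie[COOKIE].value)
    expire = SimpleCookie()
    expire[COOKIE] = ""
    expire[COOKIE]["path"] = "/"
    expire[COOKIE]["max-age"] = 0
    return message, [("Set-Cookie", expire[COOKIE].OutputString())]


if __name__ == "__main__":
    # Constructed link of the kind described in the thread.
    forged = "/front-page?_msg=Your+site+has+been+hacked"
    print("GET approach shows:", message_from_get(forged))
    # The cookie approach never consults the URL; no cookie, no message.
    print("Cookie approach shows:", pop_message("")[0])
    headers = dict(redirect_with_message("/pet/1/edit",
                                         "Your changes have been saved"))
    sent_back = headers["Set-Cookie"].split(";")[0]  # what the browser returns
    print("After a real redirect:", pop_message(sent_back)[0])
```

The message shown after a redirect must still be HTML-escaped when rendered, since a cookie value is client-controlled input like any other header.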
