Re: FormWizard - GETs on all but last step?
On Tue, Jul 1, 2008 at 9:00 PM, Waylan Limberg <[EMAIL PROTECTED]> wrote: > > On Tue, Jul 1, 2008 at 8:28 PM, Arien <[EMAIL PROTECTED]> wrote: >> >> On Tue, Jul 1, 2008 at 6:10 PM, Waylan Limberg <[EMAIL PROTECTED]> wrote: >>> >>> On Tue, Jul 1, 2008 at 5:59 PM, David Durham, Jr. >>> <[EMAIL PROTECTED]> wrote: Nice thing about GETs is that users aren't confronted with the dreaded "Data was submitted with POST" confirmation, which is confusing to most people and usually not tested. Basically you end up breaking the back button and the reload button. >>> >>> Um, this is intentional and a good thing. If you read the spec, not >>> only is the difference between GET and POST defined, but the way user >>> agents (browsers) should treat them is defined as well. Breaking the >>> back & reload buttons is a requirement of the spec to, among other >>> reasons, avoid multiple posts by impatient (or double-clicking) users. >>> Granted, browsers could provide more helpful messages, but we want >>> that behavior for POSTing data. >> >> What specification requires this? >> > A number of them actually. To name a few: > > http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9 > http://www.w3.org/TR/REC-html40/interact/forms.html#h-17.13 > http://www.w3.org/2001/tag/doc/whenToUseGet.html > > A decent summary of the issues are found here: > http://www.cs.tut.fi/~jkorpela/forms/methods.html Oh, right, now I see what you (and David Durham) are getting at when you say "breaking the back and reload buttons". It's this part of the HTTP spec: 9.1.1 Safe Methods [...] In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested. I'll try and read more carefully next time. :-) Arien --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: FormWizard - GETs on all but last step?
On Tue, Jul 1, 2008 at 8:28 PM, Arien <[EMAIL PROTECTED]> wrote: > > On Tue, Jul 1, 2008 at 6:10 PM, Waylan Limberg <[EMAIL PROTECTED]> wrote: >> >> On Tue, Jul 1, 2008 at 5:59 PM, David Durham, Jr. >> <[EMAIL PROTECTED]> wrote: >>> >>> Nice thing about GETs is that users aren't confronted with the dreaded >>> "Data was submitted with POST" confirmation, which is confusing to >>> most people and usually not tested. Basically you end up breaking the >>> back button and the reload button. >> >> Um, this is intentional and a good thing. If you read the spec, not >> only is the difference between GET and POST defined, but the way user >> agents (browsers) should treat them is defined as well. Breaking the >> back & reload buttons is a requirement of the spec to, among other >> reasons, avoid multiple posts by impatient (or double-clicking) users. >> Granted, browsers could provide more helpful messages, but we want >> that behavior for POSTing data. > > What specification requires this? > A number of them actually. To name a few: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9 http://www.w3.org/TR/REC-html40/interact/forms.html#h-17.13 http://www.w3.org/2001/tag/doc/whenToUseGet.html A decent summary of the issues are found here: http://www.cs.tut.fi/~jkorpela/forms/methods.html -- Waylan Limberg [EMAIL PROTECTED] --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: FormWizard - GETs on all but last step?
On Tue, Jul 1, 2008 at 6:10 PM, Waylan Limberg <[EMAIL PROTECTED]> wrote: > Um, this is intentional and a good thing. If you read the spec, not > only is the difference between GET and POST defined, but the way user > agents (browsers) should treat them is defined as well. Breaking the > back & reload buttons is a requirement of the spec to, among other > reasons, avoid multiple posts by impatient (or double-clicking) users. > Granted, browsers could provide more helpful messages, but we want > that behavior for POSTing data. Keep in mind that your average user doesn't care what a spec says about HTTP. I know the spec (well enough) and I agree that a browser should not allow people to accidentally POST by refreshing the page. That is the whole point of POSTing where it's needed (substantial amounts of form data or something that changes the state of the system), and redirect to GET the next page, since retrieving the next page should not be a problem regardless of how many times you do that. Anyway, a lot of users don't understand what the POST warning is about, and they'll rePOST anyway. If you POST then redirect to GET, you remove the POST from their history and don't (necessarily) have to worry about them POSTing by mistake. Clicking back to GET the previous page (perhaps from cache) should not be a problem either, and if it is, we can do better than a confusing browser confirmation dialog. (set the expiry policy properly and use the session scope to detect a problem and provide instructions to the user) > Perhaps he wants to allow the user to stop part way through a wizard, > bookmark the url (with the data entered thus far preserved in the > querystring), and allow them to pick up where they left off later.? > Interesting, but I wouldn't recommend it. For one, that could result > in some long urls (perhaps even longer than the limit). A multi-part > form could add up to a lot pretty quick. Second, those would be some > ugly urls. And third, as mentioned above, it's not really the proper > use of GET anyway. Well, the encoding multiple pages of form values in the URL is going to be problematic because of the issue I mentioned where servers will not work with ridiculously long URLs. My thinking is this is a case where using the session scope is valuable. I'm honestly a django newbie so I can't say much about the problems of storing forms in session scope. You could easily store some object, even just a dictionary or sequence of dictionaries representing the wizard state somewhere else and populate the form values on the GET pageX request. Session is handy but also storing elsewhere in case someone's session times out or they want to bookmark is nice. > So, unless a strong use-case is provided, I'm -1 on this. There's definitely a strong use-case for mere form display to be a GET not a POST. This is web-wizards 101. Believe me, I've written some wizards. -Dave --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: FormWizard - GETs on all but last step?
On Tue, Jul 1, 2008 at 6:10 PM, Waylan Limberg <[EMAIL PROTECTED]> wrote: > > On Tue, Jul 1, 2008 at 5:59 PM, David Durham, Jr. > <[EMAIL PROTECTED]> wrote: >> >> Nice thing about GETs is that users aren't confronted with the dreaded >> "Data was submitted with POST" confirmation, which is confusing to >> most people and usually not tested. Basically you end up breaking the >> back button and the reload button. > > Um, this is intentional and a good thing. If you read the spec, not > only is the difference between GET and POST defined, but the way user > agents (browsers) should treat them is defined as well. Breaking the > back & reload buttons is a requirement of the spec to, among other > reasons, avoid multiple posts by impatient (or double-clicking) users. > Granted, browsers could provide more helpful messages, but we want > that behavior for POSTing data. What specification requires this? > Which leads me to the question: In what use-case would a FormWizard > ever GET? GET is only to be used to retrieve data (i.e.: search > results) whereas POST should be used when submitting data to the > server. I can't think of any case where a multi-page form would be > used to "retrieve" data. I realize Jeremy suggested that POST would > still be used on the final page, but even so, the other pages > technically are still POSTing data. The other pages are obviously retrieving the form to be filled in to complete the next step. > Perhaps he wants to allow the user to stop part way through a wizard, > bookmark the url (with the data entered thus far preserved in the > querystring), and allow them to pick up where they left off later.? > Interesting, but I wouldn't recommend it. For one, that could result > in some long urls (perhaps even longer than the limit). A multi-part > form could add up to a lot pretty quick. Second, those would be some > ugly urls. And third, as mentioned above, it's not really the proper > use of GET anyway. I fail to see how the perceived beauty of the generated URLs matters? Depending on the situation, using GET for various pages of a wizard-style interaction may be exactly the right thing to do. This doesn't seem to mesh nicely with the way things work in FormWizard's world, though. Arien --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: FormWizard - GETs on all but last step?
On Tue, Jul 1, 2008 at 5:59 PM, David Durham, Jr. <[EMAIL PROTECTED]> wrote: > > Nice thing about GETs is that users aren't confronted with the dreaded > "Data was submitted with POST" confirmation, which is confusing to > most people and usually not tested. Basically you end up breaking the > back button and the reload button. Um, this is intentional and a good thing. If you read the spec, not only is the difference between GET and POST defined, but the way user agents (browsers) should treat them is defined as well. Breaking the back & reload buttons is a requirement of the spec to, among other reasons, avoid multiple posts by impatient (or double-clicking) users. Granted, browsers could provide more helpful messages, but we want that behavior for POSTing data. Which leads me to the question: In what use-case would a FormWizard ever GET? GET is only to be used to retrieve data (i.e.: search results) whereas POST should be used when submitting data to the server. I can't think of any case where a multi-page form would be used to "retrieve" data. I realize Jeremy suggested that POST would still be used on the final page, but even so, the other pages technically are still POSTing data. Perhaps he wants to allow the user to stop part way through a wizard, bookmark the url (with the data entered thus far preserved in the querystring), and allow them to pick up where they left off later.? Interesting, but I wouldn't recommend it. For one, that could result in some long urls (perhaps even longer than the limit). A multi-part form could add up to a lot pretty quick. Second, those would be some ugly urls. And third, as mentioned above, it's not really the proper use of GET anyway. So, unless a strong use-case is provided, I'm -1 on this. -- Waylan Limberg [EMAIL PROTECTED] --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: FormWizard - GETs on all but last step?
On Tue, Jul 1, 2008 at 4:59 PM, David Durham, Jr. <[EMAIL PROTECTED]> wrote: > form, and are redirected to a GET for the next step. In this case, > the POST disappears from the user's history (refresh and reload work > as expected). Sorry, reload and back work as expected ... -Dave --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: FormWizard - GETs on all but last step?
On Mon, Jun 30, 2008 at 8:03 PM, Jeremy Dunck <[EMAIL PROTECTED]> wrote: > > I was thinking the FormWizard should allow GET to be used on all but > the last step, or should allow configuration of what to method to use. > > Forms aren't just for posting. > > Any interest in this? Nice thing about GETs is that users aren't confronted with the dreaded "Data was submitted with POST" confirmation, which is confusing to most people and usually not tested. Basically you end up breaking the back button and the reload button. Having a working reload button is nice for developers, and a working back button is really nice for users. There's a POST redirect to GET pattern where users POST a form, and are redirected to a GET for the next step. In this case, the POST disappears from the user's history (refresh and reload work as expected). I don't know a lot about Django's Form wizard, but it looks like it's hashing values in a hidden field, which would require use of the session scope (or maybe RoRs "flash" but that would break the reload button) so that you don't end up with a hash in the URL. Putting the hash in the url isn't necessarily an option because most web servers limit the length of URLs to something reasonable. -Dave --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: FormWizard - GETs on all but last step?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Jul 1, 2008, at 18:56, Honza Král wrote: > That's -1 from me. I am not opposed to the idea in general, I just > don't feel it's needed and should be in the code. Sounds more like a -0 to me. -1 is, as far as I have seen, strong rejection. Ludvig "toxik" Ericson [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkhqk+0ACgkQXnZ94Kd6KaeegwCgpVjR04QzK+yNIHNuWvzOpR81 s1oAoJKZbPNob7D68n2VqUaVr+It+AKC =+15A -END PGP SIGNATURE- --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
Re: FormWizard - GETs on all but last step?
that would look really terrible with the hashes in the URL, that's why I avoided GET, it would be easy to factor it out and even allow for data to be passed in URL (I have no idea why somebody would want that, but why not ;) ) but I just don't think it would make sense. Forms aren't just for posting, but in my opinion, when I want to use something like a wizard, I really want POST. That's -1 from me. I am not opposed to the idea in general, I just don't feel it's needed and should be in the code. Honza Král E-Mail: [EMAIL PROTECTED] ICQ#: 107471613 Phone: +420 606 678585 On Tue, Jul 1, 2008 at 03:03, Jeremy Dunck <[EMAIL PROTECTED]> wrote: > > I was thinking the FormWizard should allow GET to be used on all but > the last step, or should allow configuration of what to method to use. > > Forms aren't just for posting. > > Any interest in this? > > > > --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~--~~~~--~~--~--~---
