Re: [web2py] Re: Link-pass data to new view via session not on URL
On Sun, Oct 24, 2010 at 4:16 PM, cjrh caleb.hatti...@gmail.com wrote:
> I want to know if there is a way to get data to go from a page to a controller function via an HTTP link, rather than using a form, and without showing that data on the URL.

AFAIK, you only get to use two HTTP methods (regardless of whether AJAX is involved or not): GET and POST. GET uses query params to pass around values (in the URL as you say), and POST sends them inside the request. There are no other options.

At any length, web is stateless. It means that the server-side doesn't have to know what the user was doing on the previous page when processing a request. This implies that everything you have to know when server is processing a request, has to be made available to the server at the time request is made. Fighting that is time-consuming, and usually not a very good idea.

In your case, the best way is actually number 1: use GET. This results in a single request, and that's how HTTP is supposed to work. Since you say the data is already in the table on the page, there's no point in trying to hide it, especially since POST isn't really hiding anything if someone really wants to get ahold of request data.

--
Branko Vukelić
bg.bra...@gmail.com
stu...@brankovukelic.com

Check out my blog: http://www.brankovukelic.com/
Check out my portfolio: http://www.flickr.com/photos/foxbunny/
Registered Linux user #438078 (http://counter.li.org/)
I hang out on identi.ca: http://identi.ca/foxbunny
Gimp Brushmakers Guild http://bit.ly/gbg-group
Re: [web2py] Re: Link-pass data to new view via session not on URL
On Sun, Oct 24, 2010 at 4:43 PM, cjrh caleb.hatti...@gmail.com wrote:
> The datum in my case is a room rate that a client must pay. Recalculation is somewhat complicated, and I had hoped to avoid a recalculation and just pass the already-calculated value to the confirmation page. I cannot let that be part of the URL for obvious reasons, and I suspect having it appear in postdata will also be problematic.
>
> On the first page, the user selects one of many rates. In the following page, I ask for confirmation. How to get the previously-calculated rate over to the confirmation page?

Here's how I'd do it.

# PAGE 1
* User enters the desired options

# SERVER-SIDE
* Values are calculated and fed into a template

# PAGE 2
* Calculated values are shown, and a form with hidden fields and a submit button labeled 'Confirm' is shown

# SERVER-SIDE
* The submitted values are entered in a database and fed into the thank-you page template

# PAGE 3
* Thank you message with calculated data again and optional Nah, I was jist kiddin' button.

--
Branko Vukelić
Re: [web2py] Re: Link-pass data to new view via session not on URL
On Sun, Oct 24, 2010 at 8:41 PM, cjrh caleb.hatti...@gmail.com wrote:
> On Oct 24, 5:03 pm, Branko Vukelic bg.bra...@gmail.com wrote:
> > * Calculated values are shown, and a form with hidden fields and a submit button labeled 'Confirm' is shown
>
> The hidden fields still show in the page source though. A smart user could submit his own set of data if he can see what field id's are being expected. That's what I want to avoid. There must be no way a user can change the charge amount at any stage of the process.

Oh, so ok, I get what you're trying to do now. Don't pass charge amount around. Charge amount should be one-way. You NEVER, under ANY circumstances, using ANY technology, expect that amount to come from client side. There is nothing you can do to prevent a skilled hacker from manipulating the data. The ajax thing you used is readily readable using any javascript debugger.

If there is a definite correlation between the rates and the final amount you either

a. get the amount of service and return the total cost, or
b. get the total cost and return the amount of service

You can't receive both, and hope it's correct. Period.

The best way to do this is probably to use a table for unconfirmed offerings, and move them into the confirmed table once confirmation is done. Either that or make a confirmation flag in the database, and add an expiry date to it so it automatically expires in, say, 24 hours if the user doesn't confirm.

--
Branko Vukelić
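Added example, not part of the original thread and not web2py code: a sketch of the "confirmation flag plus expiry" variant described in the reply above, using Python's sqlite3. The table layout, function names and the rate formula are assumptions made for illustration. The client only ever holds an opaque token; the amount is read from the server-side row at confirmation time.

```python
import secrets
import sqlite3
import time

OFFER_TTL = 24 * 3600  # seconds; the 24-hour expiry suggested in the reply

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE offers (
        token TEXT PRIMARY KEY, session_id TEXT NOT NULL,
        room_id INTEGER NOT NULL, amount_cents INTEGER NOT NULL,
        expires_at REAL NOT NULL, confirmed INTEGER NOT NULL DEFAULT 0)""")
    return db

def calculate_rate_cents(room_id, nights):
    # Constructed stand-in for the "somewhat complicated" rate calculation.
    return (8000 + 500 * room_id) * nights

def create_offer(db, session_id, room_id, nights, now=None):
    """Page 1 -> page 2: price on the server, give the client only a token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(16)
    db.execute("INSERT INTO offers VALUES (?, ?, ?, ?, ?, 0)",
               (token, session_id, room_id,
                calculate_rate_cents(room_id, nights), now + OFFER_TTL))
    db.commit()
    return token

def confirm_offer(db, session_id, token, now=None):
    """Page 2 -> page 3: there is deliberately no amount parameter here.

    Returns the stored amount in cents, or None if the token is unknown,
    belongs to another session, has expired, or was already confirmed.
    """
    now = time.time() if now is None else now
    cur = db.execute(
        "UPDATE offers SET confirmed = 1 WHERE token = ? AND session_id = ? "
        "AND confirmed = 0 AND expires_at > ?", (token, session_id, now))
    db.commit()
    if cur.rowcount != 1:
        return None
    row = db.execute("SELECT amount_cents FROM offers WHERE token = ?",
                     (token,)).fetchone()
    return row[0]
```

Whatever the confirm form posts besides the token is never consulted, so editing hidden fields or replaying the request cannot change what gets charged.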
Re: [web2py] Re: Link-pass data to new view via session not on URL
On Sun, Oct 24, 2010 at 2:17 AM, cjrh caleb.hatti...@gmail.com wrote:
> On Oct 24, 1:56 am, cjrh caleb.hatti...@gmail.com wrote:
> > My tests below don't seem to permanently update the session object inside setnum(), even though request.args does contain the number sent by ajax.
>
> Ok, I figured out that the $.ajax() call doesn't send a cookie, so the session object inside setnum() is an entirely new one, not the one we want to update.
>
> I still want to know how to get data through to a new page via a link (as opposed to a form), and without using data on the URL

How is the data 'associated' with the link?

--
Branko Vukelić