Micha <[EMAIL PROTECTED]> writes: > [EMAIL PROTECTED] (Andrew M. Bishop): > > > You need to find out what is causing the re-request to be made and > > configure something to stop that. Obviously it must be a forced > > refresh or you would not be seeing the confirm request page. > > If i reload from the cache (offline) > [http://www.microsoft.com/technet/archive/security/news/c2faq.mspx] > > The browser (galeon) say, > << > The page you are trying to view contains POSTDATA. If you resend the > data, any action the form carried out (such as a search or online > purchase) will be repeated. To resend the data, click OK. Otherwise, > click Cancel. > >> > > and when i click on OK the resultuing confirm request is for > > [http://www.microsoft.com/technet/archive/security/news/c2faq.mspx?!POST:8hDgjN9Zqj > foJpj1NlYdw.42eae312] > > which is not anywhere in the cache. > > In the cache index, i can see from this path only > > /technet/archive/security/news/ngscb.mspx?!POST:8hDgjN9ZqjfoJpj1NlYdw.42e1b68a > /technet/archive/security/news/ngscb.mspx?!POST:8hDgjN9ZqjfoJpj1NlYdw.42e1b712 ...
> so i have to suspect that some javascript creates a POST request > for a database file where the last few charcaters doesn't actually > belong to the ID but are randomly created on the fly to block cache > reloading, to urge visitors to update to the latest version or to have > them counted or cookied at the page again for whatever reason. The last few characters are added by WWWOFFLE so that it can distinguish multiple POST requests. The same data is being posted each time (the character string '8hDgjN9ZqjfoJpj1NlYdw' is a checksum of the POST data, the characters like '42e1b68a' is the time). I think that the Javascript is to blame and like you say it is making a POST request for the page when you reload it. This could be for tracking purposes or just stupidity by the website authors. There certainly seems to be no need for reposting form data for the same page of static information. > I don't actually understand the whole thing. > How do you manage to have it working for you ? Disbaled Javascript ? I have disabled Javascript in WWWOFFLE. > Ah, i just found out i can request the bookmarked URL > [http://www.microsoft.com/technet/archive/security/news/ngscb.mspx] > and when i immediately click on the 'stop' button i can prevent the > wwwoffle confirm message. > > If wwwoffle would pop up a message box instead of replacing the page, i > could see its contents anyway.... If the confirmation was done with Javascript this might be possible, but I don't know enough Javascript to know how to do this. -- Andrew. ---------------------------------------------------------------------- Andrew M. Bishop [EMAIL PROTECTED] http://www.gedanken.demon.co.uk/ WWWOFFLE users page: http://www.gedanken.demon.co.uk/wwwoffle/version-2.8/user.html
