So the W3C has released its grand volume I on the architecture of the world wide web. It's actually not that grand, nor groundbreaking, but it's not such a long document, either, so if you feel like procrastinating on whatever it is you're working on, then you should skim through it. ;)

For a document that looks rather mundane, I must say it is surprisingly readable and the bits of "stories" they have put in aren't too bad. The document mostly talks about good practices by which URIs should be formulated. I did take issue with some of the preachings, like URI persistence, which I have some doubts about ever becoming fully realized, but overall the document was a decent read.

The one part that stuck out in my mind the most was the section on safe and unsafe interactions. The document asserts that while safe interactions can be carried out through an HTTP GET request, unsafe ones should be carried out through HTTP POST. This is probably one of the most commonly overlooked pieces of web development methodology, as I see it being ignored on many online merchants' websites. The common mistake I'm referring to is the delivery of the purchase confirmation page as the content of the response to the purchase request. While they were right in carrying out the purchase request through an HTTP POST, the confirmation page that renders the summary of the purchase that just went through should have been a response to a separate request: one that is made over HTTP GET. The story that goes along with this section explains why this is bad and how one can go about fixing it, but the way it's worded is a bit geeky, so I thought I'd take another stab at it.

The fact that the summary page is content delivered as a direct response to the HTTP POST request has the following drawbacks:

  1. If you hit "refresh" on the page you get some warning dialogue box, and if you hit "OK", your purchase order might be resubmitted, which could mean double charging on your credit card depending on how stupid the website is
  2. You cannot bookmark or e-mail yourself the URL of the summary page so you'll probably have to weed through your account information to find the order summary you're looking for
  3. If you accidentally hit the back button and try to return to the page, some browsers may have expired the content, thereby refusing to show it to you without you hitting the "refresh" button at the mercy of #1

The solution to this is to simply respond to the HTTP POST request with a redirect that lands the user on the summary page, which is accessible by HTTP GET. I mean, come on... If you can make an order summary page deep within the account information section, then you can certainly make this. Don be e-tailing girlie men, an implement zis feature tozay!
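The redirect described above, sketched as a small WSGI app (an added example, not code from the W3C document or from any merchant site). The `/purchase` and `/orders/<id>` paths, the in-memory `ORDERS` store and the `call` helper are all assumptions made up for the illustration.

```python
import io
import itertools
from urllib.parse import parse_qs

ORDERS = {}                       # in-memory order store, constructed for the example
_next_id = itertools.count(1)

def app(environ, start_response):
    method = environ["REQUEST_METHOD"]
    path = environ.get("PATH_INFO", "")

    # Unsafe interaction: record the order, then redirect instead of rendering.
    if method == "POST" and path == "/purchase":
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode())
        order_id = next(_next_id)
        ORDERS[order_id] = form.get("item", ["?"])[0]
        # 303 See Other tells the browser to fetch the summary with GET.
        start_response("303 See Other", [("Location", f"/orders/{order_id}")])
        return [b""]

    # Safe interaction: the summary is a plain GET, so refresh, back and
    # bookmarks re-read the order without resubmitting it.
    if method == "GET" and path.startswith("/orders/"):
        tail = path.rsplit("/", 1)[1]
        item = ORDERS.get(int(tail)) if tail.isdecimal() else None
        if item is None:
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"no such order"]
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [f"Order {tail}: {item}".encode()]

    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]

def call(method, path, body=b""):
    """Drive the app in-process with a constructed request.
    Returns (status, headers, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    out = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], out
```

Once the summary has its own URL, the GET handler has to check that the requester owns the order; that check and the non-guessable ids a real shop would use are left out here for brevity.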

