Re: Can anyone interpret this paragraph from "Connected: An Internet Encyclopedia"?

Volker Birk wrote:
> Sebastian G. <seppi@seppig.de> wrote:
>> Volker Birk wrote:
>>> Todd H. <comphelp@toddh.net> wrote:
>>>> GET and HEAD commands sent to a web server should do nothing but read
>>>> some stuff. They shouldn't change anything.
>>> Oh yes, they can. They can change some state in the web server, why not?
>> Read the RFC: They shouldn't, and if you don't follow this, you run into a
>> big load of problems like inconsistencies on load errors or Cross Site
>> Request Forgery attacks.
>
> Do you want to claim that web applications, which are using GET
> requests, are impossible to implement?

No. I claim they're impossible to implement correctly wrt. how the
web browser as a client is modeled.

> You're claiming here that eBay doesn't exist, BTW.

No, I only claim that eBay is broken. Which it is, obviously.
Now will you please read my statement again? What part of "shouldn't" didn't
you understand?
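
The point argued in this thread (GET and HEAD should only read, otherwise a request the browser issues on its own can change state, which is what Cross Site Request Forgery relies on), as an added example that is not part of the original post. The handler names, paths, session layout and sample data are hypothetical.

```python
import hmac
import secrets


def new_store():
    # Constructed in-memory state: item -> current highest bid (sample data).
    return {"bids": {"item-1": 10}}


def new_session():
    # Per-session anti-CSRF token; a page on another origin cannot read it.
    return {"user": "alice", "csrf": secrets.token_hex(16)}


def unsafe_handle(store, session, method, path, params):
    """State change reachable via GET: any URL the browser fetches triggers it."""
    if path == "/bid" and method in ("GET", "POST"):
        store["bids"][params["item"]] = int(params["amount"])
        return 200
    return 404


def safe_handle(store, session, method, path, params):
    """GET/HEAD only read; the write needs POST plus the session's token."""
    if path == "/bids" and method in ("GET", "HEAD"):
        return 200  # read-only view, repeatable without side effects
    if path == "/bid":
        if method != "POST":
            return 405  # safe methods never mutate state
        token = params.get("csrf", "")
        # Constant-time comparison of the submitted and the session token.
        if not hmac.compare_digest(token.encode(), session["csrf"].encode()):
            return 403
        store["bids"][params["item"]] = int(params["amount"])
        return 200
    return 404
```

The 405 branch is what makes retries, prefetching and cross-site fetches of a URL harmless: nothing reachable by a safe method writes to the store.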