Forum Moderators: phranque
I usually have all the sites running in a major frame, while the user sees only the [mydomain.com...] in their browser's adress bar, all the time. Iīve been doing this for two reasons:
Reason #1 - looks cleaner, the visitorīs experience is like a desktop software, without all those strange parameters showing out.
Reason #2 - the 1 pixel invisible frame (iFrame) I let above the major frame is usefull for making requests to the server without having to refresh the current page. I know thereīs XMLHttpRequest, to do this without the need of this pivot technique, but if youīre talking about a https request, like a login-only ssl connection, XMLHttpRequest doesnīt handle it.
NEVERTHELESS, Iīve run across many problems of this approach, mainly because Iīm starting to use mod_write's features, to provide my clients interessting adresses like [mysite.com...] (wich Apache, with my rule, rewrites to [mysite.com...] The problems Iīve run into are these:
Problem #1 - The iFrame wonīt be there when mod_rewrite urls are entered. So, on the scripts that require it, my javascript login is useless. And my site useless too! And that doesnīt happen only when mod_rewrite urls are entered, but everytime the user clicks search-engines links to the inner scripts its spiders have compiled, you know?
Problem #2 - Also related to the absence of the iFrame: Iīve provided this beautifull link for the DVD section, but when the user clicks anything, there you have all the dirty urls out!
So I thought about suggesting you guys we make a little survey about the approach regarding this issue.
Maybe we get to some consensus about it.
i have no qualms about including parameters in query strings when needed. As long as there are other parameters that are set with a secure login, the query string is pretty meaningless.
I'm not concerned about search engines in the database site (and really don't want them to index every screen in my application) so I sometimes send long strings in the querystring.
Still, I would prefer POSTing the parameters back to the server for cleanliness.
Thanks for the reply. In fact, I talked to some friends and Iīm decided to abandon this sterilized iframe solution.
But now I have to find out other way to make the https login I was ordering through the iFrame. You think a pop-up would be a good solution? I donīt want to make it in the same window (now that there arenīt frames anymore) because I donīt need more than protecting the username and password traffic through the net, you know?
Also, about what you said about POST, you meant also the A-HREF-tag links? Or just the forms? If them also, you do that through xmlhttpRequest, right?
phoenix_fly
