Issue
I'm developing a web page on JSP using the Spring Framework. I know the difference between GET and POST generally. If the page sends information through POST, the sent information is not visible in the URL and in GET, it is visible.
I'm currently sending and receiving information via Controllers and just before writing my controller, I use Request mapping as follows:
@RequestMapping(value = "/pri/SuperUser/ResetPassword.qib",method = RequestMethod.GET)
@Override
public ModelandView function(Model model){
...
...
So, what is the difference between using GET and POST in this case? There should be something else different than just seeing the sent information in the URL.
Solution
It sounds like you don't quite have GET/POST understood completely yet.
Try thinking of it like this for a web application:
GET A GET method should be used to retrieve data from the server. Multiple get requests to the same URL should be valid and no data should be changed on the server side.
However, this doesn't mean it is not possible to make a GET request change things server side, but you should try to make sure you are following the standard.
POST A POST method should be used when you need to create, update or delete data on the server side. Making the same POST request multiple times may not be safe and may result in inconsistent data. The content of a POST request is sent in the request body. Hence, you don't see the parameters in your browser, but it is easy to see them if you wanted to (Even using the browser developer tools) so it is no more safe than a GET request.
NOTE: this is how they are used in general on the WEB, it is not the actual spec as there are other methods available. If you are creating a REST service you will want to explore the other methods
(Briefly - POST - for creating data, PUT - for updating data and DELETE for deleting data)
It may be worth reading the actual spec to get a complete understanding: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
If you did want to secure your HTTP requests, then this can be done using SSL encryption over HTTPS (A separate topic)
Answered By - cowls
Answer Checked By - David Goodson (JavaFixing Volunteer)
