The odd Phenomenon of using get in Ajax

If XMLHttpRequest. Open (...) uses the get method, the browser will not respond if the same value is sent twice, and the POST method must be changed. For specific explanations, refer to the following:

Http://meebox.blogspot.com/2007/10/getpostcache.html

Relationship between get, post, and Cache

In most Ajax accounts, as long as the open method of XMLHttpRequest is interpreted, the difference between get and post will certainly be mentioned, however, in most cases, get will directly add data to the URL, so that on the one hand, the website of the browser will contain missing information, on the other hand, the limit on the length of the URL is limited, and there is no way to limit a large amount of resources. However, get and post have a very different response, which is not mentioned in most cases, that is, get response will be cached, but post will not.

Because the base image of the cache is a URL object, if the number of cached objects is different, the existence of the cache may occur. However, if the URL is the same, the program may appear abnormal. For example, my colleague is writing an Ajax-version chat room example, which is due to graphic quality, therefore, it takes a very simple approach (in fact, many chat rooms running on the website also use the same method ), without adding texts to the end of a text box, the text box and the text box will be written through the Ajax machine, at a time, the system retrieves the text token from the servo, indicating the chat zone on the timer.

You can imagine what will happen when you call chat.txt. My colleague used the get method to call the open method of XMLHttpRequest and specified the URL parameters as "chat.txt". The chat.txt in cacheis used for every retrieval, causing no question about how to make a statement, the results shown on the browser have not changed, as if the hacker's statement was just like the sea.

To solve this problem, some people have used some kabuki ones, such as converting the URL data to "chat.txt? "In addition to the date time, the signed URL is different each time, so that the attacker will not commit the same case to the cache. This method is effective, but the simplest method is to change get to post, and everything is normal.

The difference between get and post is mainly because of the intent of the get original design, that is, the query result of the simple operation, as long as it is the same query condition (the internal volume of the parameter), the same result should be returned for multiple queries. For this reason, the compiler will give the Get Response to the cache. Anti-compaction post, the original intent is to send the information Token back to the servo end for processing, so the hacker should not make a self-explanatory, instead of returning the data to the servo end, the Bank uses the cache.

The difference between get and post is very difficult to find, but in the Development of Ajax programs that are difficult to understand, developers are likely to make the program staff spend time and energy, so they can't find the problem.