And I'm really happy.
The problem is, is that I'm sitting on a POST.
The last thing I sent was a POST.
And if I hit Refresh,
because POSTs are considered by the browser to be expecting to modify data.
If you were going to decrement your savings account,
you would do it in a POST.
The browser doesn't want to resend the POST request for
you, just without your knowledge.
Now, this is not coming from my application.
This is coming from my browser,
that's keeping me from doing something stupid, right?
It says, you might be decrementing your bank account balance, or
transferring $100 twice, or something, right?
So it has run that I have to do this.
We as application developers,
we have lost control of the user experience at this point.
And so that's pretty tacky, and we're not very happy about that.
And so, there is a way to fix that, okay?
And that is to never generate output on POST.
And you can say POST, you can Google POST Redirect GET.
And you will see some Wikipedia pages, which I love so much, And
I even use this in my lecture.
It basically says, the problem with the POST, and then at 200 it comes back.
And then you hit Refresh, and it sends the POST again to generate the page, and
that's the dangerous moment, right?
So what we want to do, is we want to do a POST, and then we do the work,
and then we Redirect back to ourselves with a GET request.
And then we put the actual page out on the GET request.
And then if you Refresh it, it's doing the GET request over and over, and so
that's all cool.
The problem is, is what if we want to put a message out on this screen,
and we're generating the message here in this POST code?
Success, or guessed too low, or whatever.
What we're going to do, is we're going to use the session [COUGH] to copy
the data from this moment to that moment, okay?
We're going to look at the session to copy from this to this.
So we have to use the session to get the message.
because otherwise,
what we were doing, is we're just putting the too low message out right here.
But we've gotta do a POST redirect.
So we're going to know the too low message here, and
we're going to send it in the session to the next one.
And it's going to pull it out, and then print it, okay?
So, this is the bad one.
It falls through, produces output as a result of the POST.
Here is the good one.
Now, one of first things we see in the good one, is we have to use the session,
because we're going to pass data.