= Description =
Some links that create GET requests have side effects that may destroy data when a user is using a web accelerator that prefetches every link on a page. Such a web accelerator is correct according to the HTTP spec.

== Steps to reproduce ==
Install Google web accelerator and visit your favorite wiki as a registered user.

== Example ==
Here are some broken links found on this wiki:
 * http://moinmoin.wikiwikiweb.de/FooBar?action=logout&logout=logout - the logout link on any page.
 * [[http://moinmoin.wikiwikiweb.de/FooBar?action=AttachFile&do=del&target=img037.jpg|del]] - the delete attachment link in the version history page.
 * http://moinmoin.wikiwikiweb.de/FooBar?action=revert&rev=197 - the revert link on version history page
 * http://moinmoin.wikiwikiweb.de/FooBar?action=subscribe - subscribe/unsubscribe link on any page
 * http://moinmoin.wikiwikiweb.de/FooBar?action=quicklink - add/remove quick link on any page
 * [[http://moinmoin.wikiwikiweb.de/FooBar?action=AttachFile&do=del&target=alum.jpg|del]] - the delete attachment link on the attachments page

== Details ==
Any MoinMoin version.

== Workaround ==
Hope that your wiki users do not use a web accelerator.

= Discussion =
http://www.37signals.com/svn/archives2/the_google_web_accelerator_is_back_with_a_vengeance.php - DHH of 37 Signals complains about Google Web Accelerator after he failed to use side effect free GET :)

It's possible to design a robot that will log in as a user, then fetch all the revert and del links in the wiki. Such a robot working slowly during the night may cause a lot of mess :-)

Fix: any action that has any side effects should use a form with the POST method.
 * login/logout
 * change user setting - add links, subscribe etc.

Looks like we can't have everything in that case: The logout stuff at top of page used to be a POST form. Users disliked that because browsers rendered that item differently from the GET links nearby.
It was also requested that login should be an action that can be bookmarked (thus a GET). Another question is whether a web "accelerator" shouldn't rather fetch the links declared instead of everything it can find. Looks rather like a DDoS and annoyance tool if it really works the way you describe it.

People don't need to bookmark logout :) The easiest solution is to have the logout POST button on a second page. One click more, less problems. -- AlexanderSchremmer <<DateTime(2006-04-06T22:01:57Z)>>

= Plan =
## This part is for Moin``Moin developers:
 * Priority:
 * Assigned to:
 * Status:

----
## If you are a moin core developer, replace the category to Category* in these cases:
## Category MoinMoinNoBug - if this is not a bug.
## Category MoinMoinBugConfirmed - if you can confirm the bug on current code.
## Category MoinMoinBugFixed - after the bug is fixed in current code.
CategoryMoinMoinBug
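
The fix proposed in the discussion (side-effect actions only via POST), sketched as an added example that is not MoinMoin code: a gate that answers 405 when one of the actions from the links listed above arrives by GET or HEAD, plus an audit that lists the links in rendered HTML a prefetcher would trigger. The function names, the returned status tuple and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Actions taken from the links listed on this page; each one changes state.
UNSAFE_ACTIONS = {"logout", "revert", "subscribe", "quicklink"}
UNSAFE_SUBACTIONS = {("AttachFile", "del")}   # AttachFile is unsafe only with do=del
SAFE_METHODS = {"GET", "HEAD"}                # methods a prefetcher may send freely

def has_side_effects(url):
    """True if the query string selects one of the state-changing actions."""
    q = parse_qs(urlsplit(url).query)
    actions, dos = q.get("action", []), q.get("do", [])
    # Check every repeated value: no assumption about which one the server picks.
    return any(a in UNSAFE_ACTIONS for a in actions) or any(
        (a, d) in UNSAFE_SUBACTIONS for a in actions for d in dos)

def gate(method, url):
    """Hypothetical pre-dispatch check: (status, headers); 200 means proceed."""
    if method.upper() in SAFE_METHODS and has_side_effects(url):
        return 405, {"Allow": "POST"}         # refuse; the action needs a POST form
    return 200, {}

class LinkAudit(HTMLParser):
    """Collect <a href> targets that a link prefetcher would trigger."""
    def __init__(self):
        super().__init__()
        self.flagged = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href and has_side_effects(href):
            self.flagged.append(href)

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.flagged

# Constructed sample of rendered wiki HTML (not taken from a real page).
SAMPLE = """
<a href="/FooBar?action=info">Info</a>
<a href="/FooBar?action=AttachFile">Attachments</a>
<a href="/FooBar?action=AttachFile&amp;do=del&amp;target=img037.jpg">del</a>
<a href="/FooBar?action=revert&amp;rev=197">revert</a>
<a href="/FooBar?action=logout&amp;logout=logout">Logout</a>
"""

if __name__ == "__main__":
    for link in audit(SAMPLE):
        print("GET with side effects:", link, "->", gate("GET", link)[0])
```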