HTTP GET and POST methods

Two commonly used methods for a request-response between a client and server are: GET and POST.

GET Method :

GET method is used to retrieve data from web server by specifying parameters within the URL portion of the request. The GET method is mainly used for document retrieval. An example of GET request is :

Some of the features of GET method are :
  • GET requests can be cached
  • GET requests remain in the browser history
  • GET requests can be bookmarked
  • GET requests should never be used when dealing with sensitive data
  • GET requests have length restrictions
  • GET requests should be used only to retrieve data

GET method is not secure and hence not a suitable choice for transferring confidential data but, GET method is extremely useful for retrieving static content from web server. Here are some examples where a using GET method :

  • There is no side effect of repeated request. for example clicking a link which points to another page. it doesn't matter if you click the link twice or thrice , This also gives chance browser of server to catch the response for faster retrieval.
  • If data requires to be sent to Server is not large and can safely accommodated in maximum length of URL supported by all browser. In general,  different browser has different character limit for URL length but having it under limit is good choice.

POST Method :

In POST method data is not sent as part of URL string to server, instead it is sent as part of message body. Post requests are used to make more complex requests on the server. For instance, if a user has filled a form with multiple fields and the application wants to save all the form data to the database. Then the form data will be sent to the server in POST request body, which is also known as Message body. An example of GET request is :

Some of the features of POST method are :
  • POST requests are never cached
  • POST requests do not remain in the browser history
  • POST requests cannot be bookmarked
  • POST requests have no restrictions on data length

POST method is secure because data is not visible in URL String and can be safely encrypted using HTTPS for further security. All sensitive and confidential information sent to be server must go on POST request and via HTTPS (HTTP with SSL). POST method is also used for submitting information to server, any information which can alter state of application like adding item into shopping cart, making payments etc. here are some examples where we should consider using POST method in HTTP request:

  • If we are sending large data which can not be fit into URL in case of GET.
  • If we are passing sensitive and confidential information to server e.g. user_id, password, account number etc.
  • If we are submitting data which can alter state of application e.g. adding items into cart for passing that cart for payment processing.
  • If we are writing secure application and don't want to show query parameters in URL.

Next Topic :

No comments:

Post a Comment