On Thu, May 14, 2009 at 6:33 PM, Tim Bray <span dir="ltr">&lt;<a href="mailto:Tim.Bray@sun.com">Tim.Bray@sun.com</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">would&#39;nt GET be prone to some kind of spider GETing all links it came across (for indexing) causing data centre havoc ?<br>

<br>
Details - not if we don&#39;t include authentication information, check user agents, etc. but if we feel it necessary to keep sharp implements out of the way of the children then we can.<br>
</blockquote>
<br></div>
Here&#39;s the rule (<a href="http://www.w3.org/TR/webarch/#safe-interaction" target="_blank">http://www.w3.org/TR/webarch/#safe-interaction</a>):  &quot;Agents do not incur obligations by retrieving a representation.&quot;<br>

<br>
That is to say, spiders and pre-fetching proxies and so on are perfectly entitled to GET any link they see, and if mayhem ensues, it&#39;s the server&#39;s fault, not the client.  People often say &quot;GET should not cause a change in state&quot; which is wrong, because it writes logfile entries and sets cookies and all sorts of stuff.</blockquote>
</div><br>Ok so I guess I mis-parsed the part of <a href="http://www.tbray.org/ongoing/When/200x/2009/03/20/Rest-Casuistry">your post</a> where you said &quot;<i>The reboot and halt buttons don’t really have any state, so you shouldn’t expect anything useful from a GET</i>&quot;. I&#39;m guessing a &quot;POST&quot; is the best way to &quot;push&quot; a button then?<br>
<br>Sam<br><br>