Google Hacking for Penetration Testers

All communication between the browser and server is done via HTTP requests and responses. As an application-level protocol, HTTP is wrapped into lower-level protocols, so you don't need to worry about them. Every time you load a Web page into your browser, the browser makes multiple requests to the server as it downloads images, scripts, and other elements. When you submit a form, the browser submits the data you've entered, along with any hidden form values and any possible effects of JavaScript, to the server in a request, almost always via either a GET or a POST.
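The Python below is an added example, not part of the original text. It builds one form submission as a raw GET and as a raw POST, then parses each back the way anyone holding the packet could, showing that the fields (including a hidden one) are readable and editable in both and differ only in whether they travel in the URL or the body. The host, path and field names are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qsl

# Constructed sample form: host, path and field names are illustrative only.
# "item_id" stands in for a hidden form value the user never typed.
FORM = {"user": "alice", "qty": "2", "item_id": "1001"}
HOST, PATH = "shop.example", "/order.asp"


def build_request(method, fields):
    """Return the raw HTTP/1.1 request a browser would send for this form."""
    data = urlencode(fields)
    if method == "GET":
        # GET: fields are appended to the page name as a query string.
        return f"GET {PATH}?{data} HTTP/1.1\r\nHost: {HOST}\r\n\r\n"
    # POST: fields travel in the request body instead of the URL.
    return (f"POST {PATH} HTTP/1.1\r\nHost: {HOST}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(data)}\r\n\r\n{data}")


def parse_request(raw):
    """Recover (url, fields, location) from a raw request."""
    head, _, body = raw.partition("\r\n\r\n")
    _method, url, _version = head.split("\r\n")[0].split(" ")
    query = urlsplit(url).query
    if query:
        return url, dict(parse_qsl(query)), "url"
    return url, dict(parse_qsl(body)), "body"


def tamper(raw, field, value):
    """Rewrite one field in a captured request, whichever part carries it."""
    method = raw.split(" ", 1)[0]
    _, fields, _ = parse_request(raw)
    fields[field] = value
    return build_request(method, fields)


if __name__ == "__main__":
    for m in ("GET", "POST"):
        req = build_request(m, FORM)
        url, fields, where = parse_request(req)
        print(f"{m}: URL={url!r}, fields carried in {where}: {fields}")
        changed = parse_request(tamper(req, "item_id", "9999"))[1]
        print(f"  after edit in transit: {changed}")
```

Because the hidden value arrives as ordinary client-supplied data in both cases, the server has to validate it regardless of the method the form uses.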
An HTTP GET passes information to the server by appending the information to the end of the page name, as shown in Figure B.9. In a POST request, however, the information is not appended to the URL but is instead submitted in the body of the request packet, as shown in Figure B.10. Many developers believe that POST requests are more secure than GETs because the information is not exposed in the address bar of the browser. In reality, a POST is just as exposed as a GET in the packet and equally subject to tampering. There is, however, one distinct difference between a GET and a POST: data persistency. Anything in a URL (such as querystring information from a GET) can persist in many areas far beyond the Web developer's control. These include: