- idempotent noun:
"relating to or being a mathematical quantity which when applied to itself under a given binary operation (as multiplication) equals itself; also : relating to or being an operation under which a mathematical quantity is idempotent" Obviously an overkill (or no kill if you ask me) of a definition.
GET request parameters, since they are part of the URL, can be seen by anyone who has access to the browser (via the history or cache) after a presumably private transaction is made. They can even be bookmarked (making it even easier for the eavesdropper).
The same is not true of POST requests.
Conclusion: Every FORM METHOD= attribute should be set to POST if privacy (not to mention security) is of any concern.
However, the only way of passing parameters to a Java servlet (and in the old days to a CGI program) using a link (HREF=...) is via GET; there is no POST.
For example, http://servlet/CheckOutControllerServlet?account=123 uses a GET method (no choice of request method there).
So choose your FORM METHODs carefully.
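One way to check a page for the cases described above, as an added example that is not part of the original page: it flags forms that submit private fields with GET (including forms with no METHOD attribute, which default to GET), links that carry private parameters, and POST forms whose ACTION URL still carries one. The `SENSITIVE` name list, the `audit` helper and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Assumption: parameter names treated as private; adjust for your application.
SENSITIVE = {"account", "password", "card", "token"}
# Constructed sample page (the first link is the URL from the text above).
SAMPLE = """
<a href="http://servlet/CheckOutControllerServlet?account=123">Check out</a>
<form action="/CheckOutControllerServlet"><input name="account"></form>
<form method="POST" action="/login"><input type="password" name="pw"></form>
<form method="post" action="/pay?token=abc"><input name="amount"></form>
<a href="/help?page=2">Help</a>
"""

class UrlLeakAudit(HTMLParser):
    """Records every place where a private parameter would end up in the URL."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (kind, url, parameter names)
        self._form = None    # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            method = (a.get("method") or "get").lower()  # no METHOD attribute means GET
            self._form = {"method": method, "action": a.get("action") or "", "fields": []}
        elif tag in ("input", "select", "textarea") and self._form is not None:
            name = (a.get("name") or "").lower()
            if name in SENSITIVE or (a.get("type") or "").lower() == "password":
                self._form["fields"].append(name)
        elif tag == "a":
            self._check_url("link", a.get("href") or "")

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            form, self._form = self._form, None
            if form["method"] != "post" and form["fields"]:
                self.findings.append(("form-get", form["action"], sorted(form["fields"])))
            self._check_url("form-action", form["action"])  # POST can still leak via ACTION

    def _check_url(self, kind, url):
        params = {k.lower() for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)}
        if params & SENSITIVE:
            self.findings.append((kind, url, sorted(params & SENSITIVE)))

def audit(html):
    parser = UrlLeakAudit()
    parser.feed(html)
    return parser.findings
```

Calling `audit(SAMPLE)` reports the check-out link, the form with no METHOD attribute, and the POST form whose ACTION carries `token`; the POST login form and the help link are not reported.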