How should I choose between GET and POST methods in HTML forms?

Question

I wish to know all the pros and cons about using these two methods. In particular the implications on web security.

Thanks.

Answer 1

One security issue in GET that a is often overlooked is that the web server log contains the fully URL of every page access. For GET requests, this includes all the query parameters. This is saved to the server log in plain text even if you access the site securely.

The server logs are often used by site statistics apps, so it's not just the server admin who might see it.

The same caveat applies with third party tracking software, such as google analytics - they record the full URL of the page, again including the GET query parameters and reports it to the analytics user.

Therefore, if you are submitting sensitive data (passwords, card numbers, etc etc), even if it's via AJAX and never appears in the browser's actual URL bar, you should always use POST.