Welcome to the forum. I'll see if I can give you a hand with some of the problems that you are experiencing. I'll list them off below:

Item 1:
If you run through the POST values, are you seeing odd variable names or just wrong data coming through? Standard forms should work, but if you provide the sample HTML that you are using we could probably help you debug the problem. As an alternative, you can you the built in yml:form tag, which should cause you less issues when posting than trying to work with the caja parser.

Item 2:
Automatic redirects (like header()) are not currently allowed on the platform for security reasons. All redirects need to be user initiated from standard click events.

Item 3:
Yes, as long as your server enables sessions, you should be just fine. I just ran a test on my server to make sure everything ran well and I was able to transfer session data from page to page (adding SID to the link requests though).

Please let us know if you run into any other issues we may assist with.

Jonathan LeBlanc
Senior Software Engineer
Yahoo! Developer Network

Hello Jon,

Thanks for your help.

Item 1:

Here is the HTML in my page when I use the <yml:form>:

<yml:form name="league_edit" id="league_edit" view="YahooFullView" params="league/league_edit.php" method="POST">

....

</yml:form>

The form was changed when i view the sorce of the page on yahoo APP,the "method" becomes "get", In fact, i can get my data through "GET":

<form id="yml-form-xLiFm74u-793-cajoled" onsubmit="return plugin_dispatchEvent___(this, event, 0, 'c_1___')" name="league_edit-cajoled" method="get" class="yml-form" action="http://apps.yahoo.com/-xLiFm74u/YahooFullView/league/league_edit.php">

I also get these "POST" data:

array(13) { ["yap_consumer_key"]=> string(108) "dj0yJmk9UUZiSGV3V25IYXVaJmQ9WVdrOWVFeHBSbTAzTkhVbWNHbzlNVFk1TnpZek9UQXpNQS0
tJnM9Y29uc3VtZXJzZWNyZXQmeD1lOA--" ["yap_viewer_access_token"]=> string(798) "A=acm4FXvlkiCH2PeraCaxF0lzE2zF_EEHlDMxY5Z8M5kUhtSZU1yIkni7l9smUy802AavNmpzA
wq4Zv7r32cKvnyFn7Q67Vwb1U.DsssAtREcpXnb5H3hdVdZAK0APeBdQcMX2hatXPYhyFzjoX0qeJwEj
a
smXCTPL8k5XbIbYlLBXzzsi87MBPv4Ex.9jKaMKncMKfV_1oi2dlBmwMH7RA3HKaIc0TR2NgowAANKtR
O
Vv_37JqFiRox4TtMXh3y_4k8llZFhZvrJ1wRHF.AYsBMBFLxny3IzmBqsuWNVEmuKyRxMn_oB8zJG8ej
V
TOCR7P41kY4pF.Y0ZLbpzTwmb3saVCrOHSgv4nPcm1SBmRaZyf4vf0M.lYXe1iBbJ5rzOFvVKgnDcQh1
H
MCmkqEEahbCw_aD2EkMRMIqE8rIOQPuVoNzwFjz.c_Xohg3VtsblUF3JGiz0dhCDjsSdBZFQgBq3JEdX
X
FKrjxGO6z5Enk.iVWb4kPN.IrW_sdH4bvgy7akqw.njmSkgmL.zuZUWi9ohiWxkmNfXFj0VKB6a1CryJ
y
1pwEniFOeJDjcws6ECxsP7.CXXZ4F09cLbq.lz6YLgB03ak9ApjemutKOgQv50ENhAbUAZE3Cd_0Fqpm
K
2OT0EDFseX4.w7tGa81zhOSZd6zXiZoXGqCRkhBACvFXEvRxVgzc9Ct52q6Xp.Wu4gfvbi_dRleh20SV
8
BBx9VYvh7AMKv_eg0J10S7p975F.6_zXTgpkyP3Wnqg_vHkXYeT2bYB5wELP1mkPgNqBgAGv_U-" ["yap_viewer_access_token_secret"]=> string(40) "8254fd45a7ac4ad41e0f25770e8da8f769e0c420" ["yap_viewer_guid"]=> string(26) "ZHUX5XMW5ZZSYKDITKE42NQK2E" ["yap_owner_guid"]=> string(26) "ZHUX5XMW5ZZSYKDITKE42NQK2E" ["yap_tz"]=> string(0) "" ["yap_jurisdiction"]=> string(0) "" ["yap_appid"]=> string(8) "xLiFm74u" ["yap_dropzone_id"]=> string(0) "" ["yap_view"]=> string(13) "YahooFullView" ["yap_time"]=> string(10) "1232506691" ["oauth_signature_method"]=> string(9) "HMAC-SHA1" ["oauth_signature"]=> string(28) "6A5S8l5O8nuKw+Tc6yIqP4Ssabo=" }

When I use the normal HTML form today, I can get my data from "POST", I don't know why. yestoday I only got the "POST" data as above.

Item 2:

I really need the "Automatic redirects" function in my APP, is there any other method? Could I use the javascript "window.location.href" to redirect page?

Item 3:

In fact when i tested my APP yesterday, the session didn't work, I used database instead of session now.

Another issue is:I want to know how to debug my APP, I used the code:YahooLogger::setDebug(true); but no debug data was print out. My app is live, I don't know how to change its status back to "DEV".

Thanks!

I know why i can't get "POST" data now: if the form has this code: "enctype="multipart/form-data", then you can't get it.
you can use the form like this: <form id="browse" name="browse" method="post" action="test.php" enctype="multipart/form-data >
it should be: <form id="browse" name="browse" method="post" action="test.php">

I mean, you can't use the form like this: <form id="browse" name="browse" method="post" action="test.php" enctype="multipart/form-data >

I'm glad you found an alternative to some of those issues. Regarding the redirect, window.location* will throw a caja parsing error. There is something you can do as an alternative. When you would normally call your redirect function, instead make an OpenSocial gadgets.io.makeRequest method call with the url you are attempting to forward the user to. This will make an ajax request to grab that page content and, once it returns, you can use DOMNode.innerHTML to inject your page content into the same location. This will mimic the same effect as a redirect without actually having to redirect.

Just a word of warning though, when content is injected into the page using innerHTML, the caja client side sanitizer comes into effect, which will most likely strip your JavaScript from the returned content (and sometimes your css). Here are some tips for adjusting for that:
- If you have JS onClick events, instead assign an id to the node and then, once innerHTML has completed, use addEventListener / attachEvent to inject your click event - that's what we do for some of our apps and it works well.
- If you css style blocks are being stripped, inline all css to the nodes, that should repair the issue.

Please let us know if you run into any issue, we'd be glad to assist.

Jonathan LeBlanc
Senior Software Engineer
Yahoo! Developer Network