A visitor to a web site that sold things noticed that some of the session state was kept in the URLs that were included in the site’s pages as links that led the buyer thru purchasing stages. This is the naïve form of the ‘stateless server’. He noticed that the price of the item was included in the URL that was invoked upon clicking the “BUY” button. He modified such an URL and then invoked it as if he had merely clicked on the button. The site completed the transaction at a lower price. Eventual confronted with the evidence the user said: “But I thought we were dickering over the price.”.