Storing previous URL as session data
#9

[eluser]Jelmer[/eluser]
erik.brannstrom is correct.

There's nothing wrong with doing destructive actions using get, but you do have to secure against the kind of attack erik mentioned. It's not that hard to prevent:
- Create a unique code on the page from which the delete action is allowed to be undertaken (way too simple example: md5(time()))
- Save the code to a cookie AND put it in either a post variable or in the URL which deletes the entry (example: mysite.com/thing/delete/25/1f3870be274f6c49b3e31a0c6728957f)
- Check whether the cookie value and the URL or Post value match and only allow the deletion when they do match.

More structural ways can be found by Googling, searching the forums on CSRF and looking at the new CI2.0 Security class which includes a CSRF token generator and check function.

Edit: CSRF protection should be taken seriously and you should enable it site-wide. The best way is if you generate a new token on every page-load and include the token in the post or URL by reading the cookie using JavaScript. Another way is to give each token a limited time of validity before it needs a refresh, but that's more of a stop-gap measure than a really secure one.
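The cookie-plus-URL check from the steps above, written out as an added example (not code from the post or from CodeIgniter). It assumes a cookie named `csrf_token` and a 32-hex-character token, and it swaps the post's deliberately simple `md5(time())` for `random_bytes()` so the token is unpredictable; the comparison uses `hash_equals()` so it does not leak timing.

```php
<?php
// Double-submit CSRF token for a delete action reachable via GET or POST.
// Added example, not from the post or from CodeIgniter. Assumes the token is
// issued on the page that links to the delete action and carried back in
// the URL segment (or a POST field) as described in the thread.

declare(strict_types=1);

const CSRF_COOKIE = 'csrf_token';   // cookie name: assumption
const CSRF_TOKEN_BYTES = 16;        // 16 random bytes -> 32 hex chars

// Issue a fresh token from CSPRNG bytes instead of the predictable md5(time()).
function csrf_issue_token(): string
{
    return bin2hex(random_bytes(CSRF_TOKEN_BYTES));
}

// Send the token to the browser. HttpOnly is off because the post's scheme
// has JavaScript read the cookie to build the link; SameSite=Strict keeps
// the cookie off cross-site navigations; Secure keeps it off plain HTTP.
function csrf_set_cookie(string $token): void
{
    setcookie(CSRF_COOKIE, $token, [
        'secure' => true, 'httponly' => false, 'samesite' => 'Strict', 'path' => '/',
    ]);
}

// Allow the deletion only when both values are present, well-formed and equal.
function csrf_check(?string $cookieToken, ?string $requestToken): bool
{
    if ($cookieToken === null || $requestToken === null) {
        return false;
    }
    $pattern = '/^[0-9a-f]{' . (CSRF_TOKEN_BYTES * 2) . '}$/';
    if (!preg_match($pattern, $cookieToken) || !preg_match($pattern, $requestToken)) {
        return false;
    }
    return hash_equals($cookieToken, $requestToken);
}

// Build the delete link in the shape the post uses: /thing/delete/25/<token>.
function delete_url(int $id, string $token): string
{
    return '/thing/delete/' . $id . '/' . rawurlencode($token);
}

// Constructed values for a stand-alone run; in a controller, read the cookie
// and the URL segment from the request instead.
$token = csrf_issue_token();
echo delete_url(25, $token), PHP_EOL;
var_dump(csrf_check($token, $token));             // cookie and URL token match
var_dump(csrf_check($token, csrf_issue_token()));  // URL token from another page
var_dump(csrf_check(null, $token));                // request with no cookie
```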




