diff --git a/checkin_notes b/checkin_notes
index 04a8ac9ba8..f973b58d8b 100644
--- a/checkin_notes
+++ b/checkin_notes
@@ -4073,3 +4073,9 @@ David  26 May 2012
 
     html/ops/
         revalidate.cpp
+
+David  26 May 2012
+    - web RPC: in am_set_info, if both GET and POST args are present, use POST
+
+    html/user/
+        am_set_info.php
diff --git a/html/user/am_set_info.php b/html/user/am_set_info.php
index 9c39b67677..d38c99d6c5 100644
--- a/html/user/am_set_info.php
+++ b/html/user/am_set_info.php
@@ -52,22 +52,8 @@ xml_header();
 $retval = db_init_xml();
 if ($retval) xml_error($retval);
 
-$auth = get_str("account_key", true);
+$auth = post_str("account_key", true);
 if ($auth) {
-    $name = get_str("name", true);
-    $country = get_str("country", true);
-    $postal_code = get_str("postal_code", true);
-    $global_prefs = get_str("global_prefs", true);
-    $project_prefs = get_str("project_prefs", true);
-    $url = get_str("url", true);
-    $send_email = get_str("send_email", true);
-    $show_hosts = get_str("show_hosts", true);
-    $teamid = get_int("teamid", true);
-    $venue = get_str("venue", true);
-    $email_addr = get_str("email_addr", true);
-    $password_hash = get_str("password_hash", true);
-} else {
-    $auth = post_str("account_key");
     $name = post_str("name", true);
     $country = post_str("country", true);
     $postal_code = post_str("postal_code", true);
@@ -80,6 +66,20 @@ if ($auth) {
     $venue = post_str("venue", true);
     $email_addr = post_str("email_addr", true);
     $password_hash = post_str("password_hash", true);
+} else {
+    $auth = get_str("account_key");
+    $name = get_str("name", true);
+    $country = get_str("country", true);
+    $postal_code = get_str("postal_code", true);
+    $global_prefs = get_str("global_prefs", true);
+    $project_prefs = get_str("project_prefs", true);
+    $url = get_str("url", true);
+    $send_email = get_str("send_email", true);
+    $show_hosts = get_str("show_hosts", true);
+    $teamid = get_int("teamid", true);
+    $venue = get_str("venue", true);
+    $email_addr = get_str("email_addr", true);
+    $password_hash = get_str("password_hash", true);
 }
 
 $user = lookup_user_auth($auth);