Comments on: Storing page-state in the session is evil / Spammer for a day http://madbean.com/2005/page-state/ Your zero step program Sat, 22 Nov 2008 04:47:51 +0000 http://wordpress.org/?v=2.6.3 By: john http://madbean.com/2005/page-state/#comment-365 john Wed, 20 Jul 2005 14:39:23 +0000 http://madbean.com/2005/page-state/#comment-365 <p>Graham, no one claims that it's a limitation of server-side state, but it's clearly a bug in the way server-side state in concert with client side state (i.e., a cookie) was used in the webapp in question. </p> <p>In response to "I think it’s more important that the user is aware og how their browser will work," users will most definitely NOT be aware of how their browsers will work. That's why webapps need to be written to work properly (or bomb out and tell the user why) regardless of what weird acts the user performs. Your comment about how it wasn't really a problem that some user was running into trouble when he Ctrl-N'ed for a new window "because people normally wouldn’t use the app the way he was" is really troubling (or at least it should be troubling to your clients).</p> Graham, no one claims that it’s a limitation of server-side state, but it’s clearly a bug in the way server-side state in concert with client side state (i.e., a cookie) was used in the webapp in question.

In response to “I think it’s more important that the user is aware og how their browser will work,” users will most definitely NOT be aware of how their browsers will work. That’s why webapps need to be written to work properly (or bomb out and tell the user why) regardless of what weird acts the user performs. Your comment about how it wasn’t really a problem that some user was running into trouble when he Ctrl-N’ed for a new window “because people normally wouldn’t use the app the way he was” is really troubling (or at least it should be troubling to your clients).

]]> By: graham http://madbean.com/2005/page-state/#comment-362 graham Thu, 14 Jul 2005 15:03:54 +0000 http://madbean.com/2005/page-state/#comment-362 <p>the browser will decide whether sessions are shared across multiple tabs, even windows. it isn't a limitation of server-side state tho, it is particular to your client. I think it's more important that the user is aware og how their browser will work. i had a client that came across a problem because he was using IE and cloning the window instead of creating a fresh session in a new window. in reality, the use case of using multiple windows is rare amongst clients and the problem he was seeing wasn't really a big issue because people normally wouldn't use the app the way he was.</p> <p>good idea about maintaining another context for page-flow, bit more work, but it would have saved me trying to explain the use of sessions in web applications to a non-technical client. i also agree with the last comment that it would be great to have support for that in the big frameworks like struts and webwork because tabbed browsers are becoming more and more popular so the problem will only get worse.</p> the browser will decide whether sessions are shared across multiple tabs, even
windows. it isn’t a limitation of server-side state tho, it is particular to your client.
I think it’s more important that the user is aware og how their browser will work. i
had a client that came across a problem because he was using IE and cloning the window
instead of creating a fresh session in a new window. in reality, the use case of using
multiple windows is rare amongst clients and the problem he was seeing wasn’t really
a big issue because people normally wouldn’t use the app the way he was.

good idea about maintaining another context for page-flow, bit more work, but it would
have saved me trying to explain the use of sessions in web applications to a non-technical
client. i also agree with the last comment that it would be great to have support for that
in the big frameworks like struts and webwork because tabbed browsers are becoming
more and more popular so the problem will only get worse.

]]> By: Trejkaz http://madbean.com/2005/page-state/#comment-361 Trejkaz Wed, 13 Jul 2005 23:30:13 +0000 http://madbean.com/2005/page-state/#comment-361 <p>I agree. It would be a massive inconvenience if Firefox dropped my cookies whenever opening a new tab. Can you imagine trying to browse Slashdot with that kind of braindead setup? Every time you opened a new tab from a comment link, your session would go away. Which is fantastic because then, every time you wanted to comment back, you'd have to login again. :-)</p> <p>Now, window scope... that's a pretty frigging cool idea. Why isn't that built into Struts?</p> I agree. It would be a massive inconvenience if Firefox dropped my cookies whenever opening a new tab. Can you imagine trying to browse Slashdot with that kind of braindead setup? Every time you opened a new tab from a comment link, your session would go away. Which is fantastic because then, every time you wanted to comment back, you’d have to login again. :-)

Now, window scope… that’s a pretty frigging cool idea. Why isn’t that built into Struts?

]]> By: James http://madbean.com/2005/page-state/#comment-360 James Wed, 13 Jul 2005 14:19:35 +0000 http://madbean.com/2005/page-state/#comment-360 <p>Yep I had a similar problem on a large web-app. We got around this by associating a master parameter 'windowId' to a new scope level. So in effect, you then had page scope, request scope, window scope, session scope, application scope. Forced proper use by by throwing an exception if no request parameter of 'windowId' was found. It worked quite neatly.</p> Yep I had a similar problem on a large web-app. We got around this by associating a master parameter ‘windowId’ to a new scope level. So in effect, you then had page scope, request scope, window scope, session scope, application scope. Forced proper use by by throwing an exception if no request parameter of ‘windowId’ was found. It worked quite neatly.

]]> By: spud http://madbean.com/2005/page-state/#comment-359 spud Wed, 13 Jul 2005 13:10:59 +0000 http://madbean.com/2005/page-state/#comment-359 <p>Graham, why is this a problem with the cookie implementation in the browser? It is quite common that all windows in a single browser "process" share cookies. Safari does this, IE and FireFox do it, etc. And it makes sense that it works that way.</p> Graham, why is this a problem with the cookie implementation in the browser? It is quite common that all windows in a single browser “process” share cookies. Safari does this, IE and FireFox do it, etc. And it makes sense that it works that way.

]]> By: graham http://madbean.com/2005/page-state/#comment-358 graham Wed, 13 Jul 2005 09:39:33 +0000 http://madbean.com/2005/page-state/#comment-358 <p>the problem you're seeing is actually a problem with the cookie implementation in your browser and not a web app prob tho. for example, firefox doesn't see tabs as new windows and will share session state and opening a second IE using ctrl-new window sees the second window as part of the same session. however using a shortcut to open a second IE will create two different sessions.</p> the problem you’re seeing is actually a problem with the
cookie implementation in your browser and not a web app prob tho. for example, firefox
doesn’t see tabs as new windows and will share session state and opening a second
IE using ctrl-new window sees the second window as part of the same session. however
using a shortcut to open a second IE will create two different sessions.

]]>