Eliminate server-side state to obviate cookies
by tmoertel (Chaplain) on Jul 05, 2005 at 16:40 UTC
How does this eliminate the need for cookies? ... No matter how much you can save on the server side, HTTP is stateless and you need some piece of data coming from the client to indicate that this request is tied to a previous request ...
If you can represent the entire state compactly enough, you can send it back to the client with every response and receive it from the client with every request. Now you don't need to store any state on the server, nor do you need cookies on the clients.
For example, take a look at Web Authoring System Haskell. It records a journal of client-server interactions, sends this journal to the client as part of every response (in a hidden field in an HTML form), and when the form is submitted, it replays the journal on the server to recreate the state.
Cheers, Tom
| [reply] |
Whether you send the data to the client as a hidden field in a form or as a cookie, it's basically the same thing.
Not really. The complete-state-in-a-form method allows for easy session forking. It also allows users to undo state transitions by backing up into the browser history. Cookies don't support either of these.
Cheers, Tom
| [reply] |
How do you stop the client from changing the state into one it shouldn't?
It's easy: cryptographically sign the state.
| [reply] |
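The signing approach from the last reply, sketched as an added example that is not part of the original thread: the server appends an HMAC-SHA256 tag to the serialized state before placing it in the hidden field, and rejects any submitted state whose tag does not verify. The key value, the field name `state`, and all function names are assumptions made for this illustration.

```python
import base64, hashlib, hmac, html, json

# Assumption: a single server-side secret. Constructed value, example only.
SECRET_KEY = b"constructed-demo-key-not-for-production"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")

def _encode(state: dict) -> str:
    # Canonical JSON so the same state always serializes to the same bytes.
    return _b64(json.dumps(state, sort_keys=True, separators=(",", ":")).encode())

def seal_state(state: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize the state and append its tag: '<payload>.<tag>'."""
    payload = _encode(state)
    tag = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
    return payload + "." + _b64(tag)

def open_state(token: str, key: bytes = SECRET_KEY):
    """Return the state dict, or None if the token is malformed or altered."""
    payload, sep, tag = token.partition(".")
    if not sep:
        return None
    mac = hmac.new(key, payload.encode("ascii", "replace"), hashlib.sha256)
    expected = _b64(mac.digest())
    # Verify in constant time BEFORE decoding or parsing the client's payload.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))

def hidden_field(state: dict) -> str:
    """The form field the server would emit with every response."""
    value = html.escape(seal_state(state), quote=True)
    return '<input type="hidden" name="state" value="%s">' % value

def tamper(token: str, **changes) -> str:
    """Constructed test input: an edited payload submitted with the old tag."""
    payload, _, tag = token.partition(".")
    state = json.loads(base64.urlsafe_b64decode(payload))
    state.update(changes)
    return _encode(state) + "." + tag

if __name__ == "__main__":
    token = seal_state({"user": "alice", "step": 2})
    print(hidden_field({"user": "alice", "step": 2}))
    print("original:", open_state(token))
    print("tampered:", open_state(tamper(token, step=5)))
```

The tag only proves the server issued the state; it does not hide the contents from the client, and an older signed state stays valid when resubmitted, which is the same property that makes the back-button undo described above work.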