Arc Forumnew | comments | leaders | submitlogin
3 points by xiphorian 5915 days ago | link | parent

Perhaps I'm just dense but ... how does that work just plainly through HTTP? That is, the value not being passed through the URL. How does it get to the server then?

If I knew how to do that first, I might be able to implement it in some other language :)

6 points by pg 5913 days ago | link

What's passed in the url is the id of a closure stored on the server.


3 points by nostrademons 5913 days ago | link

What happens if you need to scale to multiple servers? Or if the server goes down for a reboot?


5 points by pg 5913 days ago | link

You'd do the same sorts of things you'd do in any language.


6 points by nostrademons 5913 days ago | link

In other languages, you'd typically store the session in memcached or the database, and then run multiple web frontends that each connect to the shared memcache instance or DB server. Can you serialize closures and store them in an external backend, assuming the existence of memcached and/or database bindings?

(I'm not asking this to prove a point or be a dick...this is a real issue in a lot of deployments. Java/JSF takes the same approach - it stores the complete state of the user interaction in a tree on the server, and then uses either a cookie or URL parameter to retrieve that state. A coworker and I spent a couple weeks digging into the JSF internals to get it to operate statelessly; the base JSF framework worked fine with a configuration change, but the AJAX framework built on top of it choked miserably.)


1 point by dc27437 5911 days ago | link

What did you do to get the base JSF to work on multiple servers? I am having that issue now - whenever a server switch is done, the context set up by JSF is lost and a blank page shows. Results 2 thru n on the same server are fine, result 1 being the initial page (JSP) request. Thanks.


1 point by nostrademons 5911 days ago | link

For basic JSF, you just set a context-param on your web.xml for javax.faces.STATE_SAVING_METHOD = client.

It'll serialize the UIComponent tree and store it in a hidden input field with every interaction, then restore the view from that field. Naturally, this doesn't work if you're using GET for forms. (There's an undocumented feature of JSF where you can change the form method using JavaScript and make it submit information via GET. It tends to break though - you can easily overflow query strings, and I recall some problems when binding components to bean properties.)


1 point by dc27437 5910 days ago | link

Thanks! I appreciate it.


1 point by xiphorian 5913 days ago | link

Hmmm, I guess I still don't understand :-(

You have some page with an edit box and a submit button. When you submit, the data in the box transfers to the server, which displays a new page, which relies on session data to print something to your screen.

Your challenge is to create an application where the behavior of the second page can't be manipulated by by altering the URL.

The reason I don't quite understand the question is that I don't know how the contents of the text box gets to the server in the first place. Certainly once the text is on the server, if the server relies on closures for the second page, then it cannot be manipulated. Say it's You can't change that pages because by the time you hit that URL, the text is already in the server and it operates with closures.

OK, I get that part. The part I don't understand is... the data has to get to the server sometime. If you're making a post to then you can _effectively_ change the second page by altering the data then. So perhaps it's not in URL; that is, not like It's POSTDATA or whatnot. But you can still manipulate post data.

If it satisfies your challenge to say, the data gets to the server by a POST on, and then the web server stores the state in a closure and forwards to, which displays some things, why would it not be sufficient simply to POST to ?

Is the important point the fact that the data _entered_ /first and was used in /second?

Anyway, thanks for your time. I hope you understand this is a genuine question and I am not trying to be pedantic :-)


1 point by bogomipz 5912 days ago | link

The data is not used on the second page, but on the third.

Submit on the first page sends the data using http post. The second page just displays a link "click here", and it's when following that link the user is unable to alter the data.


4 points by lupisak 5915 days ago | link

Normally, you (or the language/framework you use) will set a cookie with a unique session id, then store the value in memory on the web server or in a database referencing this session id. Then when the new request comes, the user agent (browser) will send the session id back to the server. You can then use it to look up the original value.