[Seaside] Truly Opaque URLs

Lukas Renggli renggli at gmail.com
Fri Nov 30 18:29:42 UTC 2007

> http://www.seaside.st/about/examples/multicounter/sAuAnwVDpWPgxuITuEvuGsyu

Seaside 2.0 to 2.3 (or something around that version) had the IDs in
the URL, not in parameters. See www.squeaksource.com for example. That
makes it difficult to create bookmark-able URLs.

> Could such a URL management also enable possibly a shorter URL? How long
> (how many characters) does something like a BASE64 ID have to be to be
> unique enough to identify the code running at that point in that image?

You easily number them or use any other unique string to identify
them. See the references to the WAExternalID class.

This would mean of course, that people would be even more tempted to
play with the parameters and you would loose the important security
aspects of your application. It would be ways much easier to guess the
parameters and go into a different session.

> To me the more opaque and the shorter the opaque portion of the URL the
> better. I think this can help reduce arguments against the ugly URLs in
> Seaside. It won't eliminate the arguments, but if we can have RESTful
> style URLs up to the opaque ID, then we can have much of the best of both.

I don't see a problem. You can already have that by using session
cookies. Then you only have the _k parameter remaining. In some cases
you can also get rid of _k (see www.cmsbox.ch for example), but I
don't suggest that you try that.


Lukas Renggli

More information about the seaside mailing list