HttpView overhaul was: Re: Exploring Zope and ZPatterns [WEB][IDEA]

Jimmie Houchin jhouchin at texoma.net
Fri Oct 31 15:34:19 UTC 2003 

Avi Bryant wrote:
> On Thursday, October 30, 2003, at 08:14 PM, Jimmie Houchin wrote:
>>
>> To me putting state and such into the URL makes the app/page to user 
>> manipulatable. (From memory) When playing with Seaside a few weeks ago 
>> and going thru the tutorial, it seemed as if I could go back to the 
>> beginning by merely removing the session/state off of the URL.
>>
>> If I can successfully authenticate the user I prefer to have any of 
>> that stuff stored server side and not at the disposal of the the user.
>>
>> The most I would care to have is a user/session key in the URL.
>> The key could be  base64 or base256 or the largest baseWhatever that 
>> has URL permissable characters or something which would allow for a 
>> very small and brief (few characters) keys and still allow for 
>> enormous numbers of users/sessions etc.
>>
>> If the key in the URL is to an old session, request the user to login 
>> (authenticate). If the user wishes to be anonymous set new session key 
>> in the URL. This would allow bookmarking to be successful even if a 
>> session key is embedded in the URL. Not the best of bookmarks, but 
>> users will do such.
> 
> 
> This is precisely how Seaside works.  No meaningful state is stored in 
> the URL - it's just a key to server side state.

Okay. I may be misunderstanding something.

When removed the session key, it appeared that I got a new key as if I 
had never done anything before that point. To me that seems to undermine 
  the magic that Seaside does.

Also the second key in the URL when modified/removed/manipulated seemed 
to alter Seasides handling of things.

This is all from memory and may be faulty. I haven't used Seaside on the 
WinXP machine I'm currently on. Any time I've tried 
Squeak/Comanche/Seaside on this machine I've never been able to see the 
page in the browser. I don't remember any such problems when it was a 
WinME machine. I don't know if XP handles network/localhost differently 
than ME or what.

I'll try to get it up and running on this machine later.

I want it to be understood that I am not putting Seaside down. I like 
Seaside and it seems to enable many types of apps which could/would 
otherwise be more difficult.

Jimmie

More information about the Squeak-dev mailing list