HttpView overhaul was: Re: Exploring Zope and ZPatterns
[WEB][IDEA]
Jimmie Houchin
jhouchin at texoma.net
Fri Oct 31 15:34:19 UTC 2003
Avi Bryant wrote:
> On Thursday, October 30, 2003, at 08:14 PM, Jimmie Houchin wrote:
>>
>> To me putting state and such into the URL makes the app/page to user
>> manipulatable. (From memory) When playing with Seaside a few weeks ago
>> and going thru the tutorial, it seemed as if I could go back to the
>> beginning by merely removing the session/state off of the URL.
>>
>> If I can successfully authenticate the user I prefer to have any of
>> that stuff stored server side and not at the disposal of the the user.
>>
>> The most I would care to have is a user/session key in the URL.
>> The key could be base64 or base256 or the largest baseWhatever that
>> has URL permissable characters or something which would allow for a
>> very small and brief (few characters) keys and still allow for
>> enormous numbers of users/sessions etc.
>>
>> If the key in the URL is to an old session, request the user to login
>> (authenticate). If the user wishes to be anonymous set new session key
>> in the URL. This would allow bookmarking to be successful even if a
>> session key is embedded in the URL. Not the best of bookmarks, but
>> users will do such.
>
>
> This is precisely how Seaside works. No meaningful state is stored in
> the URL - it's just a key to server side state.
Okay. I may be misunderstanding something.
When removed the session key, it appeared that I got a new key as if I
had never done anything before that point. To me that seems to undermine
the magic that Seaside does.
Also the second key in the URL when modified/removed/manipulated seemed
to alter Seasides handling of things.
This is all from memory and may be faulty. I haven't used Seaside on the
WinXP machine I'm currently on. Any time I've tried
Squeak/Comanche/Seaside on this machine I've never been able to see the
page in the browser. I don't remember any such problems when it was a
WinME machine. I don't know if XP handles network/localhost differently
than ME or what.
I'll try to get it up and running on this machine later.
I want it to be understood that I am not putting Seaside down. I like
Seaside and it seems to enable many types of apps which could/would
otherwise be more difficult.
Jimmie
More information about the Squeak-dev
mailing list
|