Robert Uhl <eadmund42@NOSPAMgmail.com> wrote:
| tfb@conquest.OCF.Berkeley.EDU (Thomas F. Burdick) writes:
| > [rpw3 wrote:]
| >> IME, the correct solution is to: (1) do your initial design *as if*
| >> you were using real continuations; but then, (2) CPS-transform the
| >> design into a state machine with input-value-carrying transitions
| >> [and once you have done this, CL works as well as Scheme]; (3) choose
| >> an externalizable representation for the states and the permitted
| >> transitions [that is, the CPS'd "continuations"]; then either
| >> (4a) store the "continuation" in the web page delivered to the user
| >> (encrypted and authenticated as much as necessary to prevent spoofing
| >> and/or replay attacks), or (4b) store the "continuation" in a real
| >> database, but recognize the need to perform "GC" on the stored
| >> "continuations", with the inevitable upset that will cause to a
| >> few users when their form "times out".
| > This sounds to me like REST, which I happen to think is the right way
| > to do web programming. Declarative mechanisms for building your state
| > back up from the input help a lot (I use Cells for this).
| Depends on how 4a is implemented--it could end up with EvilURLs...
Not necessarily. If one uses POST operations with <INPUT TYPE='hidden'>
fields to hold the encoded state, the URL stays small -- in fact, for
the production apps I've written, the URL is generally *constant*!!
[Yes, this means that if the user wants to save the state of their
interaction and come back to it days later they need to save the
displayed *page*, and then fetch it off their local disk later.
The disadvantages of this are IMHO less than the disadvantages
of the alternatives.]
| If implemented with cookies, then EvilURLs can be avoided, although it
| does mean that the user can't be logged in as one person in one browser
| tab and as another in another. This is not IMHO a very big problem.
Maybe not to you, but I and many others I've talked to think it's
a *HUGE* problem, since it prohibits the user from making stateless
forays into the various alteratives of the web space without prematurely
committing themselves irrevocably.
Rob Warnock <firstname.lastname@example.org>
627 26th Avenue <URL:http://rpw3.org/>
San Mateo, CA 94403 (650)572-2607