On Sun, 2008-01-20 at 23:58 -0600, Dave Rolsky wrote: > On Mon, 21 Jan 2008, Aristotle Pagaltzis wrote: > > > The part where web browsers really do suck – and I really mean > > suck utterly terribly – is HTTP Auth, which makes you have to… > > well, you don’t quite have to violate REST constraints, but you > > are forced to traipse into grey areas like cookie-based auth (not > > sessions!). > > I think sessions _can_ be RESTful if they are part of the URI, though you > probably wouldn't want to use them for auth. > > I _do_ use sessions in VegGuide.Org in what I think is a RESTful way. > Certain redirects will send you to a URI like > http://www.vegguide.org/user/login_form/-/a746d3cba351bde58debde610b40715d49ec4312 > > This user represents a unique thing, which is the login_form + a session. > I only use the session to hold very transient things, like error or > success messages after a form submission. In the case of an error, it also > holds the state of the form so we can repopulate it.
Along these lines, how is everyone doing multi-page forms? I like to do GET/POST/redirect, but that needs the session to get the data from page 1 to page 2. Without a session, I use the old "POST returns the form with hidden fields that is page 1", but i *hate* that technique. So I use the session. (I also use the Flash for "You've added a record successfully!" messages. Totally non-RESTful, but the users seem to like it.) Regards, Jonathan Rockway
signature.asc
Description: This is a digitally signed message part
_______________________________________________ List: [email protected] Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[email protected]/ Dev site: http://dev.catalyst.perl.org/
