Ed W wrote:
> Hi
>
>> and to make matters worse, many of the
>> input forms do a really, really ugly hack where each time a new item is
>> added, instead of preserving state somewhere it's sent back to the client -
>> html and all - in a hidden field. This alone makes it nearly impossible to
>> properly protect against XSS attacks.
>>
>
> As an aside, whilst I am not saying that it's impossible to do this all
> with only sessions, I am actually baffled as to how it could be done and
> need to do something similar in another project. So if someone can
> describe how to have multi-window state kept using only sessions then
> please let me know... (I can't see how to do it without having a
> session_id in the URL in order to figure out which window is submitting
> each time??)
>

This is what REST is about--REpresentational State Transfer. All of the state information is kept in the request, so the server doesn't need to maintain state for each request. This has the benefits you're looking for--proper browser history, ability to have different sessions in different windows of the same browser, etc.

To make this work, each request needs to have all the information necessary to rebuild the state... and you don't tend to store state on the server... some sort of hybrid may be more appropriate, especially if we do more of a transaction model for certain things...

--
John Locke
"Open Source Solutions for Small Business Problems"
published by Charles River Media, June 2004
http://www.freelock.com

_______________________________________________
Ledger-smb-devel mailing list
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel
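
The request-carried state discussed in this thread, as an added example that is not LedgerSMB code and not part of the original messages: the hidden field carries the item list as signed data instead of HTML, and values are escaped only when the page is rebuilt. The secret, the field names `state` and `desc`, and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import html
import json

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client


def pack_state(items):
    """Serialize the item list as data (never markup) and sign it for a hidden field."""
    payload = base64.urlsafe_b64encode(json.dumps(items).encode())
    tag = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "." + tag


def unpack_state(token):
    """Return the item list, or None if the token is malformed or was altered."""
    payload, sep, tag = token.partition(".")
    if not sep:
        return None
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def render_form(items):
    """Rebuild the page from data; every value is HTML-escaped at output time."""
    rows = "".join("<li>%s</li>" % html.escape(i["desc"]) for i in items)
    field = '<input type="hidden" name="state" value="%s">' % html.escape(pack_state(items))
    return "<ul>%s</ul>%s" % (rows, field)


def handle_post(form):
    """One stateless request: verify carried state, add the new item, re-render."""
    items = unpack_state(form.get("state", ""))
    if items is None:
        return "400 Bad Request"
    items.append({"desc": form.get("desc", "")})
    return render_form(items)


if __name__ == "__main__":
    # Constructed sample: two browser windows each carry their own state token.
    window_a = pack_state([{"desc": "widget"}])
    window_b = pack_state([])
    print(handle_post({"state": window_a, "desc": "<script>alert(1)</script>"}))
    print(handle_post({"state": window_b, "desc": "gadget"}))
```

The signature detects tampering but does not stop an older token being replayed; operations that must happen exactly once still need server-side state.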
