Hi Tomas,

> I agree with José, I think the URL handling in PicoLisp is broken.
>
> > The main purpose of an URL is not to copy/paste it, and usually
> > mistakes like the above one can be easily avoided.
>
> Copy and pasting URL is one of the most important features.

Copying session-URLs is not typical. A session in an application is a very local issue, which is normally not copied. Such URLs don't make sense in a context outside of the application, as they depend on the state of the virtual gui components on the server.

The Wiki is special in this regard. It is not a typical PicoLisp application.

> It should
> uniquely identify a resource after all. In this case it completely
> failed to identify the wiki page.

Yes! And a resource in an application's session is very different from a resource in a static web page. A session should never be identified from the outside.

> What you didn't mention for example, is that keeping session in the URL
> makes it visible to all sorts of middle men and logged who knows where.

The session runs over HTTPS, of course. If not, the application setup is broken. Again, the wiki is not typical here.

A cookie in a browser is much less safe, because it is not so obvious to the user. Can he be sure it is removed when he closes the browser? What if he uses the application from an internet cafe?

I feel much better and safe with a session ID embedded in the URL, because I can _see_ it. And if I really can't avoid copy/pasting it, I can easily remove the session id part. Only if I'm sure about what I'm doing, of course, because as I said in most cases the URL of a page in a session makes absolutely no sense outside that session.

> On the whole, if PicoLisp implements this strategy using session in the
> URL, it should also include a fallback that would cope with expired
> sessions

How? An expired session is a terminated process. All context of that session is gone.

> and identify correct pages. We had the discussion some time
> ago. This fallback might have to be application specific thing so maybe
> the wiki software is broken from this point of view, not sure.

Yes, I simply used the existing mechanisms, though a wiki is not a typical application.

That wiki was a quick-and-dirty hack, within a few days, to get something running after the old wiki failed. Everybody is free to change it. The sources are available.

Cheers,
- Alex
