[nycphp-talk] AJAX and State
tedd
tedd at sperling.com
Fri Sep 7 10:14:41 EDT 2007
At 6:16 AM -0400 9/7/07, Elliotte Harold wrote:
>tedd wrote:
>
>> From many of the posts here, I thought someone had discovered something new.
>
>Discovering something truly new is rare. There's almost always
>someone who discovered it before you. Sometimes we don't believe
>them, though, until we discover it for ourselves.

Let me restate that "discovered something new to me" -- which isn't
that hard to do.

>There are no sessions, or at least there shouldn't be in
>well-designed Web applications.

Ouch -- straight through the heart, and now you've got my head hurting too.

In all my "applications" I use sessions to pass significant variables
around from page to page. Each page is doing something different for
the user and it makes sense to me to break the routines into different
groups and string them together using sessions.

If the user opts out at any time, then no harm done. If I want the
user to have a state to come back to, then I use cookies "on-the-fly"
to store that on the user's machine. For example:

http://ancientstones.com

If a user is looking through the widgets and has a search criteria
they like, it's saved on their machine as a cookie and when they
return, it's still there.

However, if the data is "sensitive", then I require a log-in. If the
user leaves in the middle of a session, and I want to store the
session for the user, then I use the session id and mysql to store
data and state on the server and the sid in a cookie on the user's
machine. When they return, I check session ids and require another
log-in before presenting "sensitive" data and they're back where they
were.

All pretty simple stuff.

If someone told me that I couldn't use sessions, then I'm not sure
how I would handle "sensitive" data. For example, I'm currently
working on a site that provides papers, articles, tapes, cds,
conferences, seminars, and videos to its members. However, they must
be currently paid-up members to access the goodies.

My solution is to simply require them to log-in and set a session
auth variable to OK and turn them loose. Then they have access to all
the goodies.

While what they ask for on the site is provided in the URL via a GET,
and as such, they could bookmark it and/or send the URL to someone
else -- but they can't get at the goodies without being logged-in
(i.e., session auth variable set to OK).

Again, all pretty simple stuff.

This works for me -- but, how do you do this without using sessions?

Cheers,

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
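
The session gate described in the message above, as an added PHP example that is not part of tedd's post or of any code from the list. The names `members()`, `ITEMS`, `login()`, `current_member()`, the `item` parameter and the sample account are hypothetical and constructed; the example assumes it is served over HTTPS by a PHP 7.4+ web server.

```php
<?php
declare(strict_types=1);

// Constructed sample data; a real site would query its members table.
function members(): array {
    static $m = null;
    return $m ??= ['alice' => [
        'hash' => password_hash('constructed-password', PASSWORD_DEFAULT),
        'paid_through' => '2099-12-31',
    ]];
}
const ITEMS = [17 => 'paper-17.pdf', 18 => 'seminar-18.mp3']; // constructed catalogue

function login(string $user, string $password): bool {
    $row = members()[$user] ?? null;
    if ($row === null || !password_verify($password, $row['hash'])) {
        return false;
    }
    session_regenerate_id(true);   // fresh id at log-in, so a pre-login id is useless
    $_SESSION['member'] = $user;   // record who logged in, not only a flag
    return true;
}

// Re-check membership on every request: a value set once at log-in would
// outlive a membership that lapses while the session is still open.
function current_member(): ?string {
    $user = $_SESSION['member'] ?? null;
    $row = is_string($user) ? (members()[$user] ?? null) : null;
    if ($row === null || $row['paid_through'] < date('Y-m-d')) {
        return null;
    }
    return $user;
}

// Session cookie is hidden from scripts and sent over HTTPS only.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {   // log-in form posts here
    $ok = login((string)($_POST['user'] ?? ''), (string)($_POST['password'] ?? ''));
    http_response_code($ok ? 204 : 401);
    exit;
}
$id = filter_input(INPUT_GET, 'item', FILTER_VALIDATE_INT); // e.g. ?item=17
if (current_member() === null) {
    http_response_code(401);       // bookmarked or forwarded URL without a valid session
    exit('Please log in.');
}
if (!is_int($id) || !array_key_exists($id, ITEMS)) {
    http_response_code(404);
    exit('No such item.');
}
echo 'Would stream ' . ITEMS[$id] . ' to ' . current_member();
```

A GET for `?item=17` without a logged-in session returns 401 whether or not the URL was bookmarked or forwarded, which is the behaviour the message relies on.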