Μετάβαση στο κύριο περιεχόμενο

The reality and the future of software engineering

Δημοσίευση σχολίου

State Management in Stateless Web Applications: Basics

The proliferation of REST and statelessness in Web Application and Web API design, state management often becomes a matter of misunderstandings and conflict in development teams. Programmers of back-end systems may be used to assume that session-related state is preserved server side and may be referred to as needed by the application code. However, stateful implementations may suffer from performance and scalability limitations, making thus the stateless approach a viable alternative, especially when high-load Web-based systems are considered.


How to pass data between requests in state-less / session-less Web applications

The problem here is that there are cases in state-less Web applications where data from an interaction may be required in subsequent interactions to be processed by the server, even though they are not stored in the server in some form. In this case, you will have to let the Web client provide these data as context (or state) of subsequent interactions.
Specifically, say for example that upon a form submission (Req1) you need to redirect the client (Resp1 (302) - Req2 -Resp2 (200)) to a second page/form where she should fill certain further information and submit (Req3). However, certain information submitted during Req1, or computed by the server as a result of Req1, need to be processed along with the information provided during Req3 so that the server can apply its processing logic. In this case, there are two basic options you can follow:

  1. Cookies as context: I will not go into the theoretical aspects of how HTTP and REST considers state however, this is a case where Cookies can be used in a REST-compliant manner. More specifically, Resp1 should include Set-Cookie headers specifying appropriate cookies to be set by the browser. Subsequently, the browser includes the cookies to Req2 and ultimately to Req3 so that they can be processed by the server.
  2. As part of the URL: The data that need to be passed to Req3 can be part of the redirection URL and subsequently to the Req3 URL. As URLs are primary elements of HTTP messages and are characterized by increased visibility (e.g. visible to the end user, logged into files/history, etc.), the information may need to be encoded or even encrypted before being included in the URL.

Presumably, there is a number of issues that should be considered when allowing the client to convey session-related state. For instance, trust between client and server is one of the most important ones. If the data that should be passed are sensitive, or should not be tampered by the client or any mediating component, then encryption techniques should be employed before passing the data to the client (either as Cookies or as part of the URLs).
Also, it should be understood that such a mechanism enforces an explicit dependency between the two pages, therefore the second page should not be able to be accessed without the provided cookie (i.e. the Req2 should fail if no Cookie has been specified).
Ετικέτες

Σχόλια

Δημοσίευση σχολίου

Δημοφιλείς αναρτήσεις από αυτό το ιστολόγιο

Counting Words, Characters and Lines with Notepad++

One of the best text editors in Windows is Notepad++ as it is lightweight, it provides a wealth of useful functionality –let alone the possible extensions through plugins. File Summary A useful feature of Notepad++ is that you can easily get a view on the size metrics of the document you are currently working on (characters, words, lines, etc). However, the menu is not that intuitive on finding that capability. So in order to get the above values you should go to: View >> Summary… The summary contains the following: Full path Created Modified File length (in byte) Characters (without blanks) Words Lines Current document length Selected Area Summary Nevertheless, the above summary provides file-level statistics and it may only provide the number of bytes and characters of a selected area. In order to count the word, characters, lines, etc. for just a selected part of the file you can install and use the TextFX Character plugin through the...
2 σχόλια
Διαβάστε περισσότερα

Creating a user registry - design and development tips based on modern guidelines and standards [Part 1: Introduction]

Sooner or later, it is almost inevitable that a software engineer comes across the challenge of creating a user registry to store users, user attributes, user credentials and authentication / authorization activities. It is a very common need since most applications, especially  Web and mobile  ones,  require such functionality, however there are quite a few pi tfalls in building a secure registry that will resist external and internal attacks. And it will attract attackers since it is one of the most critical component  of an application / platform  were sensitive data are stored. Nowadays, there are offerings by cloud providers to create your user registry on their platforms or use OAuth to accept users from other applications, instead of storing their credentials in your premises. Also, there are of course, COTS solutions to run on-premises. Such solutions are definitely a valid way to avoid a significant number of concerns that you have when you build a...
Δημοσίευση σχολίου
Διαβάστε περισσότερα