When programming for the web, it's annoying that there is no persistence. Yet, because users can use the Back button, open links in new windows, make bookmarks and generally move all over the place, ordinary persistence is a bit of a mess.
The word of the OSDC 2004 conference was continuation; here's a quick explanation of continuations.
Now, it seems to me that the model of the web corresponds pretty well to continuations. The program runs up to the point where interaction with the user is required. At that point, it encodes the continuation into the links given to the user, and quits.
When the user clicks one of those links, the URL contains a continuation and whatever response the user gave. Decode the continuation, resume it, and voila! - it all works.
Done properly, it'd be mostly invisible to the programmer. Just call a function to display the web page, and get back an answer. No sessions or any of that stuff.
The user can use the back button, have several windows open, bookmark a page and come back to it weeks later - everything works.
Security considerations
Obviously, running continuations that come in from the net can be hazardous. Two options:
- Store the continuation in a database and hand the user just the MD5. You have to make some sort of expiry arrangement, but it's probably the better of the two options.
- Sign the continuation, and authenticate it when it comes back in. However, this is only really usable for the POST method, not for GET.
Another concern is updates. If one of your libraries has a security update, then - depending on how the continuations are made - you might have to invalidate the lot of them.
Notes
- Users are somewhat used to the current session-based model of the web; for instance, they would be very surprised if they got separate shopping baskets in each window (even if that would mean they can bookmark them). This is not a problem; just something to keep in mind when using existing metaphors. Just use the continuation to store a basket ID and keep the basket the usual way. The principle of least surprise and all that.
- Serializing database cursors and open files would be hairy; one might end up disallowing this and having some re-init code. It might not be sufficiently advanced technology, but if it's a choice between that, and nothing at all...
- Similarly, one might simply re-init most of the libraries instead of resuming them. This would have the advantage of upgrading existing bookmarks to new versions, if any.
- Of course, I'm not the first to think of this; for instance here (in scheme, but then it is the kind of thing that would be prototyped in scheme or lisp first) or here (in ruby) or here (discussion of some of the issues) or here (mention in passing).
- With Stackless Python, it would even be readable... Stackless supports pickled continuations .
- Update 4.12.2004: Korny's pointed out that on an intranet, security may not be a problem, so one can just put the thing in a hidden field.
⇦ Idea: article ratings for a blog-reader | ⇨ Diveplot |
Comments disabled on account of spam.
