State Management Options
- Saving state in a hidden field on page.
- Use URL GET query string.
- Use cookies.
- Use session tracking.
Hidden fields
Putting state into hidden fields on the HTML page.
- Compatible with all browsers.
- Cannot be blocked by the user without blocking the entire form.
- Cannot be manipulated/corrupted by user.
- State deleted as soon as user closes browser/leaves site.
- Large state data will slow transmission to and from server.
- Easily read unless encrypted.
- Lost if user goes to a normal (non-posted) page.
URL query string
Putting the state in the URL query string.
- Compatible with all browsers.
- Very simple and easy to add to any page (no form needed).
- State deleted as soon as user closes browser/leaves site.
- State becomes highly visible to user and anyone else.
- Must convert (serialize) state to strings (name-value pairs).
- Limited storage (max allowed URL length is around 2K).
- Lost if user goes to a page outside of the application.
Cookies
Putting the state in browser side cookies.
- Stays around for the lifetime of the application (can be stored permanently by setting an expiration time).
- Less visible than URL and hidden fields.
- Limited storage - around 4K.
- Still requires state to be converted into a string.
- User can block cookies via browser settings.
Session tracking
Putting the state in a server-side database.
- Very secure.
- Cannot be blocked by client.
- Can use an in-memory database for speed.
- Can store lots of data and keep it in original form.
- Scalability issues: server must store state for all clients.
- Must use timeouts to detect and clean up dead sessions.
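State that travels through the client (hidden field, query string or cookie) can be integrity-protected by having the server attach an authentication tag and verify it when the state comes back. The following is an added example, not code from the original page: it serializes state to name=value pairs, appends an HMAC-SHA256 tag and enforces the approximate 2K and 4K limits listed above. The function names, the demo key and the exact limit values are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed demo key (assumption); a real application loads a random
# secret from server-side configuration and never sends it to the client.
SECRET_KEY = b"constructed-demo-key-not-for-production"
URL_LIMIT = 2000     # assumed value for "around 2K" (URL query string)
COOKIE_LIMIT = 4000  # assumed value for "around 4K" (cookie)


def _tag(payload: str) -> str:
    """HMAC-SHA256 over the serialized state, hex encoded."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def pack_state(state: dict, limit: int) -> str:
    """Serialize state to name=value pairs, append a tag, enforce the size limit."""
    payload = urlencode(sorted(state.items()))
    token = f"{payload}&sig={_tag(payload)}"
    if len(token) > limit:
        raise ValueError(f"state is {len(token)} chars, limit is {limit}")
    return token


def unpack_state(token: str) -> dict:
    """Return the state only if the tag verifies; raise ValueError otherwise."""
    payload, sep, sig = token.rpartition("&sig=")
    # Compare as bytes in constant time; a missing or altered tag is rejected.
    if not sep or not hmac.compare_digest(sig.encode(), _tag(payload).encode()):
        raise ValueError("state failed integrity check")
    return dict(parse_qsl(payload, keep_blank_values=True))


if __name__ == "__main__":
    # Constructed sample state. Values come back as strings after the round trip.
    token = pack_state({"cart": "3", "user": "alice"}, URL_LIMIT)
    print(token)  # still readable by the user: signing does not hide the state
    print(unpack_state(token))
    try:
        unpack_state(token.replace("user=alice", "user=admin"))
    except ValueError as err:
        print("rejected:", err)
```

The tag gives integrity only; the state is still easily read unless it is also encrypted.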