[Catalyst] Re: Subsessions?

A. Pagaltzis pagaltzis at gmx.de
Sat Sep 29 05:55:14 GMT 2007

* Rainer Clasen <bj at zuto.de> [2007-09-27 12:25]:
> After saving some data I want to redirect the user back to
> where he came. So I'd like to keep track where the user came
> from. As I expect the User to use several Browser windows,
> neither Cookie based Sessions (incl. stash) work in all
> scenarios. Right now I'm using the HTTP Referer, which I'm also
> considering a bit clumsy.

You’re asking the wrong question. Sessions are a bad idea in
general; application state should live on the client, not the
server. All state on the server should be resource state, ie it
should have a URI of its own.

I don’t use sessions *at all*[1], so my apps have all of the
properties you describe above without any effort on my part.
Basically the way you are designing your app goes against HTTP’s
grain. Work with HTTP rather than against it and you will get
simpler designs that work more robustly.

A context-free explanation of the design principles would take us
too far afield here; for that, I can warmly recommend O’Reilly’s
_RESTful Web Services_.

> Furtermore there are users who have access to other users'
> data. I'd like them to select them *once* which user's data
> they want to work on and keep this for the current browser
> window. Again I expect the user to use multiple browser windows
> (say for working with multiple users' data at the same time).

Bake the selection into the URI. That solves the problem without
any weird machinery on the server.

If you explain how your form interactions look like and what sort
of data you want to put into these subsessions, I could make some
suggestions for how to structure your URIs and the actions on
them to achieve the same goals without sessions.

> I've had no luck finding something similar for Catalyst.

Sometimes, no code has been written to solve a problem because no
code is necessary. :-)

[1] And my only use for cookies is to store an auth token.
    I’d prefer to avoid them entirely, but the HTTP auth
    implementation in browsers is atrocious even today.

Aristotle Pagaltzis // <http://plasmasturm.org/>

More information about the Catalyst mailing list