Subject: Re: Cross-lisp questions and my #lisp experience
From: rpw3@rpw3.org (Rob Warnock)
Date: Thu, 09 Feb 2006 03:18:30 -0600
Newsgroups: comp.lang.lisp
Message-ID: <tsSdncQ2QoJ7lXbenZ2dnUVZ_tqdnZ2d@speakeasy.net>
Robert Uhl  <eadmund42@NOSPAMgmail.com> wrote:
+---------------
| tfb@conquest.OCF.Berkeley.EDU (Thomas F. Burdick) writes:
| > [rpw3 wrote:]
| >> IME, the correct solution is to: (1) do your initial design *as if*
| >> you were using real continuations; but then, (2) CPS-transform the 
| >> design[2] into a state machine with input-value-carrying transitions
| >> [and once you have done this, CL works as well as Scheme]; (3) choose
| >> an externalizable representation for the states and the permitted
| >> transitions [that is, the CPS'd "continuations"]; then either
| >> (4a) store the "continuation" in the web page delivered to the user
| >> (encrypted and authenticated as much as necessary to prevent spoofing
| >> and/or replay attacks), or (4b) store the "continuation" in a real
| >> database, but recognize the need to perform "GC" on the stored
| >> "continuations", with the inevitable upset that will cause to a
| >> few users when their form "times out".
| >
| > This sounds to me like REST, which I happen to think is the right way
| > to do web programming.  Declarative mechanisms for building your state
| > back up from the input help a lot (I use Cells for this).
| 
| Depends on how 4a is implemented--it could end up with EvilURLs[1]...
+---------------

Not necessarily. If one uses POST operations with <INPUT TYPE='hidden'>
fields to hold the encoded state, the URL stays small -- in fact, for
the production apps I've written, the URL is generally *constant*!!

[Yes, this means that if the user wants to save the state of their
interaction and come back to it days later they need to save the
displayed *page*, and then fetch it off their local disk later.
The disadvantages of this are IMHO less than the disadvantages
of the alternatives.]

+---------------
| If implemented with cookies, then EvilURLs can be avoided, although it
| does mean that the user can't be logged in as one person in one browser
| tab and as another in another. This is not IMHO a very big problem.
+---------------

Maybe not to you, but I and many others I've talked to think it's
a *HUGE* problem, since it prohibits the user from making stateless
forays into the various alteratives of the web space without prematurely
committing themselves irrevocably.


-Rob

-----
Rob Warnock			<rpw3@rpw3.org>
627 26th Avenue			<URL:http://rpw3.org/>
San Mateo, CA 94403		(650)572-2607