[whatwg] Web application issues (localization, session handling)

Mikko Rantalainen mira at cc.jyu.fi
Wed Jun 16 09:32:16 PDT 2004 

There has been a lot of discussion about different controls web 
applications need but I would want to raise discussion on a few 
other issues with developing web applications.

First of all, I'll declare that I consider a "web application" to be 
an application that has front end or user interface as much similar 
to a static web page as possible. This is because the user is 
(hopefully) already familiar how to navigate static web pages so why 
not build on that knowledge?

As I've tried to build such applications (and without JavaScript so 
the application would be accessible with older and special utility 
user agents such as mobile devices and braille displays, hopefully 
with aural user agents too), I've hit a couple of hard problems. All 
of these deal more or less with session handling.

1) Allow controls that look like links and still use POST
2) Submit button localization
3) The Back button
4) Duplicate window
5) Open link in new window

Detailed description of every issue follows:

1) OK, I can almost "solve" this one with CSS but still, why not add 
new attribute "method" for every link that could have values "get", 
"post", "delete" etc. That way I could, for example, add tree links, 
that look like normal links, after a discussion forum message. Those 
could have labels such as "Show parent", "Reply" and "Remove". The 
user agent would be aware that the first link just displays data 
(and could be prefetched), second modifies data and the last one 
destroys data. UA could even default to different cursors or 
whatever to differentiate between different types. In addition to 
this, we could have "get-with-form-data", "post-with-form-data" (as 
usual) and "delete-with-form-data" and the UA would send all 
successful form controls upon link activation which would save 
repeating some session book-keeping data in every link (usually 
every link must have at least some session data; more about this later).

2) I don't know who was the genius behind the decision to use 
"value" attribute as the label of the button but that decision 
forces me to do actions according to control names. If I have 
buttons "add" and "rm" and those are localized in Finnish as "Lisää" 
and "Poista", I don't have any other way to decide which one was 
pressed but check if form control "add" was set. (I cannot easily 
check for "Lisää" and "Poista", because environment language could 
have been changed by another user / via another window while this 
dialog was open.) This causes needless extra book-keeping to make 
sure that I never use name "add" for any other element, like for 
example for a text input because it would be always successful! How 
about "label" attribute so that "value" can be what it was supposed 
to be? As a workaround I can name all such controls as 
"action_something" and look through controls that match regexp 
"action_.*" only... Namespace collisions of different controls get 
harder to avoid when I need to keep very much of session data in 
addition to user input and the whole page is generated on the fly.

3) As per HTTP protocol, a compliant UA should NOT send any data to 
server when user activates history action. So, I have to keep all 
session related data on the form so that UA can keep track which 
data belongs to which dialog. If my application stored any live 
session data (instead of just user settings and other more or less 
static things) on server end a single press of the back button would 
cause the server and client to go out of sync and the whole logic 
would collapse. Currently all links are problem because if I have 30 
links on a generated page, I have to repeat session data 30 times 
(once for each link so that no data is lost once a link is 
activated). I cannot use cookies because I want to support running 
multiple user accounts in multiple UA instances (user1 in window1 
and user2 in window2). Cookies cannot fork either, see below.

4) and 5) The issue here is really a forking problem. Say, we have a 
dialog A, which has possible actions 01, 02 and 03. 01 leads to 
dialog B, 02 leads to dialog C and 03 leads to dialog D. User first 
activates 02 with "Open in a new window" and server returns B. Then 
the user select action 03 on the dialog B that leads to dialog E. 
Then the user changes to previous window and select 03 which should 
lead to dialog D (because the other window had dialog A open). Throw 
a couple of Back-buttons in the mix and you begin to see the 
issue... Clearly the user wanted to use multiple windows and 
back-button presses to do the actions, so the issue isn't how to 
prevent opening new windows or disabling back-button. The issue is, 
how to still keep the session handling sane while using logically 
connectionless protocol such as HTTP? My current answer to this is 
to keep as much data about the session embedded in the page as 
possible. If the UA is able to duplicate windows or display 
historical pages, it will use the embedded data in that copy, too.


For the 3), 4) and 5) I'd propose adding two magical hidden field 
names: "_frame_id_" and "_document_id_". Both would be always 
successful and their values would be set automatically. The 
_frame_id_ would be unique for the current set of page instances (in 
practice, an unique identifier for all the windows and frames) and 
_document_id_ would be unique for all documents (pages) the UA 
handles, including past, current and future. _frame_id_ could be 
implemented as a serial number that has been attached to every 
window or frame and every time a new window or frame were created, 
the serial number would be increased by one. The _document_id_ would 
be similar, but it would be increased every time any document had 
been loaded in any frame. This would include going back and forward 
in the history. The server end could then use these two values to 
figure out which dialog sent out the event. [1]


Thanks for reading this far, hopefully you could decipher my 
ramblings. Any thoughts?

-- 
Mikko

[1] As I think it further, I think _document_id_ is worthless 
because even the server could generate an unique identifier for 
every page (like getCurrentTime() for example). However, being able 
to differentiate between two similar calls that come from two 
identical windows could be beneficial in some cases. I left the idea 
floating still - perhaps somebody comes up with something better...

More information about the whatwg mailing list