cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grzegorz Kossakowski <>
Subject Re: Servlet service request
Date Sat, 01 Dec 2007 19:43:33 GMT
Ralph Goers pisze:
> You would never be able to build a large, scalable application doing
> this. 


> It also would violate security requirements if I had to put a
> users account number in the url. The session exists for a reason.

Do you mean number of users' bank account? If so, you would never need to IMO. If it's just
user id,
I wonder how it violates security.

Maybe I'm missing something but I'm really seeking for this reason of session existence.

>> Getting back to the topic, I tried above to proof that having a
>> session is not essential part of web
>> application creation process.
> It is.

I have given my arguments, could you give yours, please?

> I think the answer is simple. The session needs to be shared with all
> servlets in a webapp just as the servlet spec provides. Anything less is
> going to confuse the heck out of users, lead to nothing but trouble in
> the long run and give the impression that Cocoon just tries to make
> everything hard on purpose.

Seems like you trying to say "If you want to persuade others to like your ideas preach them
but not
build the walls". If it's the case, I can understand but I'm still lacking the idea why it's
Having shared session leads to several pitfalls like broken (or at least more complicated)
and an easy way to create really bad-designed applications. I would like to hear arguments
sharing session different from "everyone wants it".

Grzegorz Kossakowski
Committer and PMC Member of Apache Cocoon

View raw message