Re: Options on session control in a web application

From: Malcolm Dew-Jones <>
Date: 3 Aug 2008 18:15:36 -0800
Message-ID: <48965838$>

Ed Prochak ( wrote:

: Malcolm Dew-Jones wrote:
: > Ed Prochak ( wrote:
: > : Connected to:
: > : Oracle9i Enterprise Edition Release - 64bit Production
: > : With the Partitioning and Oracle Data Mining options
: > : JServer Release - Production
: >
: > : Showing my lack of User interface application skills here.
: >
: > : We have web applications built with PL/SQL. The goal is to develop a
: > : simple timing application. When the user enters the fist screen, make
: > : a log entry which include the time. When they exit that screen, note
: > : how they exited (e.g. OK or CANCEL button pressed) and update the log
: > : with a stop time. Given the stateless nature of HTML, what's the best
: > : practice to deal with this situation?
: > : Use a cookie?
: > : Use hidden HTML form fields?
: > : Other?
: >
: > As long as the hidden field does not have security issues, then I think a
: > hidden field is the easiest for simple tasks.

: Sounds good. Just wondered if a cookie might be better.

The "problem" with a hidden field is that every page of the applicaiton has to pass it along. For example, if a user visits an html page with instructions then they can't "continue" to the next page and keep the hidden field unless the "html" file is actually a cgi script that populates a hidden field (or url parameter). In a simple situation that is not a hassle, but with multiple screens it does get to be a hassle.

A cookie is potentially more hassle to program. But if your tools / ennvironment have simnple routines then handle cookies then a cookie becomes simple and the only downside at all is that you have more "things" that your code has to handle.

I think in the long run it is good for a programmer to figure out how to use cookies in their web programming environment, because once you can use them easily then they are convenient for every project.

: >
: > Your application will see the hidden field just as if it were a normal
: > field. In fact during test/development you could use the field as a
: > normal input field so as to test various inputs.

: We have hidden fields for some other information on this and other
: pages, so I'm comfortable with that.

: Thanks.
: Ed

Received on Sun Aug 03 2008 - 21:15:36 CDT

Original text of this message