CHAPTER 9 STATE NAVIGATION PATTERN

And last, notice how the Accept HTTP header accepts only the type application/xml. This is on purpose even though a MIME type such as application/ajax-state would have been more appropriate. It is critical to use application/xml because then the XMLHttpRequest and web browser will recognize the returned data as XML. Using another MIME type causes the XMLHttpRequest type to not parse the generated XML and to return the content only as a text stream. As an architectural side note, a format such as JSON could be used to define the state.

When asked for a state for the first time, the server will not have an associated state and will need to create an empty state. The empty state response is illustrated as follows:

    HTTP/1.1 200 success
    X-Page-State: 11
    Date: Sun, 18 Sep 2005 11:19:30 GMT
    Server: Apache-Coyote/1.1

In the response, the server issues an HTTP 200 status to indicate that the request was a success. The body may be empty, but in the case of the example would be the XML to indicate an empty state. An empty state is generated so that the requesting client can go through the hoops of asking for a state, but nothing will be modified. The HTTP header X-Page-State is returned to the client to indicate what the state identifier is, and in this case the state identifier 11 is returned.

When associating a state with a URL, that state could be accessible from every browser regardless of location and therefore be considered a security risk. However, in this example, the state is not accessible everywhere because the URL, window name identifier, and state identifier are tied together. A hacker would have to know all three before being able to access the state. Additionally, for extra security, HTTPS or some form of authentication can be used. Depending on the nature of the state, the solution could involve using requesting IP addresses, authentication information, or even cookies.
It is important to realize that if cookies are used to authenticate a user, the usefulness of the State Navigation pattern is extremely limited. Cookies can cross web browser instances, but not different web browser types or computer locations. The better solution would be to use HTTP authentication because the web browser can ask for HTTP authentication regardless of browser or computer location.

When the HTML page and state requests have been processed, the client can fill out the form with some data. Having added all the data into the form, the user can click the Submit Query button. Clicking the button causes the onsubmit event to be triggered, which results in the State Navigation pattern implementation on the client side calling the server by using the XMLHttpRequest object. The call generates a request that is illustrated as follows:

    POST /ajax/chap07/linkToPage2.xml HTTP/1.1
    Accept: application/xml
    Accept-Language: en-ca
    Accept-Encoding: gzip, deflate
    Content-Type: application/xml
    Content-Length: 364
    Connection: Keep-Alive
    Cache-Control: no-cache
    X-Page-Original-Url: /ajax/chap07/page1
    X-Page-Window-Name: window-2005-10-03-10-10-10-1245
    X-Page-State: 11
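
An added example, not code from the book: a minimal in-memory state store that looks up state by the three values the text ties together (URL, window name, state identifier) and additionally checks the authenticated user, as the text suggests for extra security. PageStateStore, its methods and the user names are hypothetical; only the three X-Page-* header names come from the page.

```javascript
// Added example, not the book's code. PageStateStore, save(), load() and the
// user names are hypothetical; only the three X-Page-* headers come from the page.
class PageStateStore {
  constructor() {
    this.states = new Map(); // lookup key -> { owner, body }
  }

  // Build the lookup key from the three values the page ties together.
  // Returns null when any header is missing or empty.
  static keyFor(headers) {
    const parts = [
      headers["x-page-original-url"],
      headers["x-page-window-name"],
      headers["x-page-state"],
    ];
    if (parts.some((p) => typeof p !== "string" || p === "")) return null;
    return JSON.stringify(parts); // unambiguous: no delimiter collisions
  }

  // Store state for an authenticated user (e.g. from HTTP authentication).
  save(headers, user, body) {
    const key = PageStateStore.keyFor(headers);
    if (key === null || !user) return false;
    const existing = this.states.get(key);
    if (existing && existing.owner !== user) return false; // no takeover
    this.states.set(key, { owner: user, body });
    return true;
  }

  // Return the state only if all three identifiers match AND the caller owns it.
  // An unknown key and a wrong owner give the same answer, so a caller
  // cannot use the response to learn which identifiers exist.
  load(headers, user) {
    const key = PageStateStore.keyFor(headers);
    const entry = key === null ? undefined : this.states.get(key);
    return entry && entry.owner === user ? entry.body : null;
  }
}

// Constructed sample request headers, modelled on the POST shown above.
const sampleHeaders = {
  "x-page-original-url": "/ajax/chap07/page1",
  "x-page-window-name": "window-2005-10-03-10-10-10-1245",
  "x-page-state": "11",
};
```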
This entry was posted
on Wednesday, November 14th, 2007 at 5:22 am and is filed under Coldfusion.