Ralph Goers pisze: > You would never be able to build a large, scalable application doing > this.
Why? > It also would violate security requirements if I had to put a > users account number in the url. The session exists for a reason. Do you mean number of users' bank account? If so, you would never need to IMO. If it's just user id, I wonder how it violates security. Maybe I'm missing something but I'm really seeking for this reason of session existence. >> Getting back to the topic, I tried above to proof that having a >> session is not essential part of web >> application creation process. >> > It is. I have given my arguments, could you give yours, please? > I think the answer is simple. The session needs to be shared with all > servlets in a webapp just as the servlet spec provides. Anything less is > going to confuse the heck out of users, lead to nothing but trouble in > the long run and give the impression that Cocoon just tries to make > everything hard on purpose. Seems like you trying to say "If you want to persuade others to like your ideas preach them but not build the walls". If it's the case, I can understand but I'm still lacking the idea why it's needed. Having shared session leads to several pitfalls like broken (or at least more complicated) caching and an easy way to create really bad-designed applications. I would like to hear arguments for sharing session different from "everyone wants it". -- Grzegorz Kossakowski Committer and PMC Member of Apache Cocoon http://reflectingonthevicissitudes.wordpress.com/
