Eelco, one of the points I tried making (and seemed to have gotten lost
in the loop) is this:1) User is viewing a non-bookmarkable page http://www.google.com/Main/Start?wicket:interface=:0:: but wicket displays http://www.google.com/Start in his URL bar instead (not sure if this is technically possible, but assume it is this for a moment) 2) If the user then tries copy/pasting the URL into someone else's browser it'll display the original bookmarkable page which led to the non-bookmarkable page. The benefit there is that the user will never get a "Page Expired" page and instead get behavior we already see on other commercial websites which is basically that users understand that Amazon stores some some personal information in your browser cookie and *some* URLs you cannot simply copy/pasted to your friend and if you do it'll take you to some alternate page instead. For example, if you go to Amazon, add some book to your cart do "checkout" and copy/paste that the URL into someone else's browser it'll recover gracefully by redirecting you to some page displaying something related to cart (maybe it displays your cart as empty) or some page displaying a list of products. The point is that it handles this gracefully instead of displaying any sort of "oops you screwed up" page. I am suggesting you might consider making this behavior default in Wicket production mode. Even if you can't hide the non-bookmarkable URLs in step 1, consider making it such that if a user pastes it into a browser it redirects him to the original bookmarkable instead of the Page Expired page (or you could make this behavior further configurable by adding some hooks). Just food for thought. It might be a good idea or not. Gili Eelco Hillenius wrote: > Look, this discussion every time again is getting old. It has been > stated many times before: the difference between Wicket and many other > frameworks is that Wicket's URL are 'safe' *by default*; if you want > them to be public (bookmarkable), you have to be explicit about it. > With other frameworks, you have to do something extra to make the > URL's secure. Imo, and certainly for the desktop-like apps I'm > building, the safe by default option is better. For public facing, > open apps, this might be inconvenient. But it is not much work to make > pages bookmarkable, and we're still working (Matej had some cool > ideas) to improve URLs so that even non-bookmarkable pages are > recoverable to some extend. However, Wicket will be a safe by default > framework in future too. If that's something that is problematic for > you, you can always consider using another framework. But you'll find > there is always something *not* to like about a framework. > > Eelco > > > On 11/22/06, Eelco Hillenius <[EMAIL PROTECTED]> wrote: >>> I think you're missing a very important use-case. I created a Wicket >>> webapp at work, what happens on a weekly basis is that someone sees >>> something he wants to discuss so he copy/pastes the URL from his browser >>> into an email. Non-nice URLs shouldn't even be visible for people to >>> mistakenly export. >>> >>> Sometimes someone just wants to give someone else a link to my >>> webapp >>> (not expecting it to display anything in particular) and it just so >>> happens their browser has it open with a non-nice URL. Again, they will >>> copy/paste that and the receiver will get an ugly URL and Page Expired. >> So PLAN for that then. If you want a URL to be bookmarkable implement >> that! What about step X of wizard Y? The checkout part of an online >> store? Stuff like that... did you ever try to send an email with a >> link like that and expect it to work? >> >> Eelco >> > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys - and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Wicket-user mailing list > Wicket-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wicket-user
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
