- From: Koen Holtman <koen@win.tue.nl>
- Date: Fri, 3 Nov 1995 15:40:08 +0100 (MET)
- To: "M. Hedlund" <hedlund@best.com>
- Cc: montulli@mozilla.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
M. Hedlund:
>[Lou Montulli:]
>>In fact, [Dave's proposal] reduces the capibilities such that it is nearly
>>unusable for large scale applications such as online shopping.
>
>I disagree (as a programmer for an online shopping site). I do agree that
>an extremely large online shopping site with many stores or large ordering
>possibilities might hit an upper limit with the state-info proposal if they
>tried to store all ordering info in the State-info: header. This concern,
>however, is not pressing for the vast majority of ordering systems, which
>accumulate a small number of items in each session.
I agree.
> I would like to see
>the State-info proposal incorporate the cookie proposal's concept of
>"path", which I think would solve this problem.
"path" may shift the upper limit to a higher value (but only if
implemented in a certain way), but it will not solve the problem of
there being an upper limit (determined by the browser, server, and
proxy software) on the size of the State-Info header transmitted.
If your amount of state is larger than the upper limit, you will end
up storing it in a server side database, using the contents of the
State-Info header as a key into the database.
Of course, this is not elegant. A server cannot generally detect the
end of a session, so it will have to use some timeout scheme to take
no longer used key-state pairs out of the database after, say, 12
hours.
The question is: is this solution to the large shopping bag problem
feasible? I think the answer is yes. The resource requirements for
this database solution are not higher than those of several things we
already have:
1) Size of the database:
- The database will always be very much smaller than the server access
log file, so that is not a problem.
2) Time spent doing database lookups:
- WWW servers already do (cached) database lookups for each request:
they map the IP address of the client to its internet host name for
use in the logfile. Session state database lookups will have the
same time complexity and opportunities for caching.
- WWW servers that use authentication also do database lookups for
each request:
- www.dds.nl has a database of 30,000 username/password
combinations accessed for each request.
3) Time spent implementing the database
- It was very easy to implement cached database lookups with timeouts
in my Futplex system.
- If such databases turn out to be used often, I expect that either
someone will write a library, or that this functionality will become
a standard part of WWW servers.
>M. Hedlund <hedlund@best.com>
Koen.
Received on Friday, 3 November 1995 06:46:03 UTC