Wednesday, May 18, 2005
Securing Web-application state stored on the client-side
According to the article, these are the pros and cons of storing the state in the HTML itself:
Storing state on the client has the following benefits:
* Scalability - A single server can support more clients. An increase in clients does not require more memory or database resources on the server.
* Back Button is not a Problem - All state is saved in the page, making the back button no longer an issue. What you see in the HTML page is the Java object used to generate that page.
* Session Time-Outs not an Issue - HttpSession timeouts are not a problem.
Saving state on the client does not come for free. Here are some of the drawbacks:
* Computing Resources - There is a CPU cost associated with encoding/decoding and encrypting/decrypting of state for each interaction.
* Bandwidth - Since all the state related to a page is sent back to the server on each request, there will be more data sent.
* Browser Crashes - If the browser that contains the state crashes, the state is lost.
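
The encode/encrypt and decrypt/decode round trip named under "Computing Resources", as an added example that is not code from the article or from this post. The class name `ClientState`, the methods `seal`/`open`, the `pageId` binding and the choice of AES-GCM are assumptions; the article's own scheme is not shown on this page.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;

public class ClientState {   // hypothetical helper, not the article's API
    // Serialize, encrypt and authenticate the state; the result goes in a hidden form field.
    static String seal(Serializable state, SecretKey key, String pageId) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(state); }
        byte[] iv = new byte[12];                       // fresh nonce per sealed blob
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(pageId.getBytes(StandardCharsets.UTF_8));  // binds the blob to one page
        byte[] ct = c.doFinal(buf.toByteArray());
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array());
    }

    // The GCM tag is checked inside doFinal, so nothing is deserialized unless it verifies.
    static Object open(String field, SecretKey key, String pageId) throws Exception {
        byte[] raw = Base64.getUrlDecoder().decode(field);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, raw, 0, 12));
        c.updateAAD(pageId.getBytes(StandardCharsets.UTF_8));
        byte[] plain = c.doFinal(raw, 12, raw.length - 12);   // throws AEADBadTagException
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(plain))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(128);
        SecretKey key = kg.generateKey();               // stays on the server; demo key
        HashMap<String, String> cart = new HashMap<>(); // constructed sample state
        cart.put("item", "book"); cart.put("qty", "2");
        String field = seal(cart, key, "/checkout");
        System.out.println("round trip: " + open(field, key, "/checkout"));
        char[] chars = field.toCharArray();
        chars[20] = chars[20] == 'A' ? 'B' : 'A';       // simulate a client editing the field
        try { open(new String(chars), key, "/checkout"); }
        catch (AEADBadTagException e) { System.out.println("tampered state rejected"); }
    }
}
```

The sealed blob carries no expiry, so a client can resubmit an old but valid field; a server that needs freshness has to put a timestamp or version inside the state and check it after `open`.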
Copyright Anand Jain 2004, 2005. All rights