
A "nice" online reservation web site

 
Albert Torres
Greenhorn
Posts: 1
Hello,

Please, can someone give advice on www.airalgerie.dz? I discovered this online reservation web site and I was surprised by the design:
- session state is stored on the client side: hidden fields are heavily used
- navigation flow between JSP pages is managed by...... JavaScript code
- error messages for validation are.... "pretty too explicit"

Any comments?
Thanks
Albert
 
Jeff Belisle
Ranch Hand
Posts: 39
My 2 cents: exposing everything to the client side, including navigation flows and hidden fields, opens the site up for spoofing.

I would say security will be my top concern with this kinda approach.
 
Andy Malakov
Greenhorn
Posts: 26
I thought about a similar approach. Client-side state can be kept to a minimum: just primary keys of things like airports, flights, seats, etc. referenced in the current itinerary. The whole structure can be serialized into a few hundred bytes (well within the 4K cookie limit).

Regarding security, the whole interaction can go over HTTPS. The payment submission form must use some kind of indirect way of credit card identification anyway.

Also, the whole session-containing cookie/hidden field can be encrypted/signed.

Now think about web-tier state. A hacker can intercept somebody's JSESSION_ID and book some flights. Unless... :-)

Regards,
Andy
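
The signing mentioned in the last post, for state kept in a hidden field or cookie, as an added example that is not part of the original thread and is not the site's code: the server attaches an HMAC and an expiry to the serialized itinerary keys and rejects any value that comes back altered or stale. The class name, the `expiry|state` layout, the sample itinerary string and the demo secret are assumptions made for illustration; the example signs only, so the state stays readable by the client.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

/** Signs and verifies client-held itinerary state (hidden field or cookie value). */
public class SignedState {
    private final SecretKeySpec key;

    public SignedState(byte[] serverSecret) {
        this.key = new SecretKeySpec(serverSecret, "HmacSHA256");
    }

    private byte[] mac(String data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        return m.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns base64url(expiry|state) + "." + base64url(HMAC) for embedding in the page. */
    public String seal(String state, long expiresAtMillis) throws Exception {
        Base64.Encoder b64 = Base64.getUrlEncoder().withoutPadding();
        String body = b64.encodeToString((expiresAtMillis + "|" + state).getBytes(StandardCharsets.UTF_8));
        return body + "." + b64.encodeToString(mac(body));
    }

    /** Returns the original state, or null if the token is malformed, altered or expired. */
    public String open(String token, long nowMillis) throws Exception {
        int dot = token.indexOf('.');
        if (dot < 1) return null;
        String body = token.substring(0, dot);
        byte[] sent;
        try { sent = Base64.getUrlDecoder().decode(token.substring(dot + 1)); }
        catch (IllegalArgumentException e) { return null; }
        if (!MessageDigest.isEqual(mac(body), sent)) return null; // constant-time comparison
        // The body is only decoded after its MAC has been verified.
        String plain = new String(Base64.getUrlDecoder().decode(body), StandardCharsets.UTF_8);
        int bar = plain.indexOf('|');
        if (Long.parseLong(plain.substring(0, bar)) < nowMillis) return null; // expired
        return plain.substring(bar + 1);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo secret and sample state; a real key is random and kept server-side.
        SignedState s = new SignedState("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String token = s.seal("from=ALG;to=ORY;flight=1002;seat=14C", 2_000L);
        System.out.println(s.open(token, 1_000L));                    // untouched token
        System.out.println(s.open("X" + token.substring(1), 1_000L)); // altered body
        System.out.println(s.open(token, 3_000L));                    // past expiry
    }
}
```

The server still has to re-check on every request that the flight and seat keys in the verified state are ones this user is allowed to book, since a valid signature only shows the value was issued by the server.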
 