Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

hidden form fields.

 
Ambika Jain
Ranch Hand
Posts: 48
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why is it better to use Session tracking than using hidden form fields ?
(was asked in interview)

Thanks.
 
Eric Pascarello
author
Rancher
Posts: 15385
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Without thinking, hidden form fields can be changed by people like me. I talked about changing hidden form elements in my blog here: http://radio.javaranch.com/pascarello/2004/03/30/1080662775000.html awhile back.

I am not sure if that is what they were looking for, but that is what I would say!

Eric
 
s penumudi
Ranch Hand
Posts: 113
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I guess with hidden, the burden would fall on the programmer to properly code inorder to maintain session. But with session tracking, I guess the burden is being taken by the container that provides many session tracking mechanisms.

If you want to maintain any information pertaining to the user(information could be any object) then with session tracking you can hold that information on session object.

In case of hidden fields, you can store only string objects in the form of hidden fields in each form (ofcourse you can use one JSP and include that JSP in all your JSP) but you cannot hold data which in is the form other than string.

I can think of this advantage. Hope other posts explains more.
[ March 03, 2005: Message edited by: s penumudi ]
 
Merrill Higginson
Ranch Hand
Posts: 4864
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Here is the classic example given for why not to use hidden fields for important data:

The story goes that a computer company decided to put the price of a laptop in a hidden field, and that field was used to carry the price forward through a bunch of screens. A genius 15 year old found out that he could "spoof" the page by creating a copy of the html file locally, changing the price, and .. poof.. he got a laptop for $1.00 instead of $1500.00.

This might be an urban legend, but you get the point.

Merrill
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That question pre-supposes that it IS always better to use session variables than to use hidden form fields.

Session variables are very convenient and can make life very simple for the developer of a site with small to mid-sized traffic expectations in a non load-balanced environment. Improperly used, or used at all on a site with an enormous amount of traffic and they will quickly eat up all of your server's ram.

In many cases they are better, in some cases, they're not. I wonder if that was the answer the interviewer was looking for.
[ March 03, 2005: Message edited by: Ben Souther ]
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!