Click here to close now.

Welcome!

Web 2.0 Authors: Alena Prokharchyk, Carmen Gonzalez, Hovhannes Avoyan, Pat Romanski, Yeshim Deniz

Related Topics: Microservices Journal, Java, .NET, Web 2.0, Cloud Expo, Apache

Microservices Journal: Article

Toss Your Cookies: Maintaining State on the Client with REST

Feel free to transfer application state to the client and rest assured you’re following REST.

REST quiz of the day: which is more important when following REST: updating the resource state or updating state on the client? Most developers are likely to say that REST focuses on updating resource state on the server. After all, POST, PUT, and DELETE all do so. GET is the only HTTP verb that fetches resource state without changing it.

If you've been reading ZapThink's discussion on REST, you probably realize that those developers are incorrect. Updating resource state is clearly an important part of REST, but updating state on the client is even more important. Why? Because client state is the foundation for distributed hypermedia applications. And after all, such applications are the point of REST.

In fact, the RESTful world distinguishes between resource state and application state, which is the state information the client maintains. And since hypermedia are the engine of application state, it makes sense that application state is more important to REST than resource state. After all, REST is representational state transfer. The representations are what the resources send to the clients, including application state information that belongs on the client.

HATEOAS and the Cloud
The topic of application state came up in an interesting discussion during our recent Cloud Computing for Architects course in San Diego. I was explaining how it's important to maintain a stateless application tier in the Cloud, because we want to put the components on that tier (Web servers, application servers, ESBs, etc.) onto virtual machine (VM) instances. In order to achieve the elasticity and resilience of the Cloud, then, we can't afford to maintain state information on such instances. We always have the option of persisting such state information, making it a part of the resource state, but relying too heavily on our resource state limits our scalability. The clear alternative is to transfer state information to the client, and let hypermedia be the engine of application state (otherwise known as the dreaded HATEOAS REST constraint).

One of the attendees in the class was confused by this discussion. He pointed out that if we use the client (say, a browser) to maintain state in a stateful application like an eCommerce shopping cart, then such state information must either go into hidden form fields or into the URL, so that the server can pass it along to the browser from one request to the next. But if the user is clicking a link rather than submitting a form, then they are executing a GET, and with a GET, the only place to put state information from the client to the server is in the URL. And we all know that URLs have a maximum length. What do we do, he asked, if we have too much state information for the URL? For example, we might have dozens of items in our cart. Was I suggesting passing the entire contents of each cart - product descriptions, prices, etc. - in the URL?

The answer, of course, is no. I say "of course" because such a question would be silly for anyone who truly understands REST. But I must admit, it took me a while to think through my response. The problem was that I have a background as a Web developer, and my student may have also built his share of Web sites back in the day as well. And back in the 1990s, before REST, in the early days of HTML and JavaScript, maintaining state in a browser was problematic. All we had were cookies and the aforementioned hidden form fields and URL query strings. And since people can turn their cookies off, we never wanted to rely on them. So yes, back in the day, if the user is clicking a link (i.e., performing a GET), the URL was all you had to work with.

With REST, however, we're working with an abstracted client. It need not be a browser, and in fact, it need not have a user interface at all. A RESTful client may serve as an intermediary, for example. Even when the client has a UI, it could be any type of application. For example, most mobile apps are written natively to the mobile environment (iPhone or Android, for the most part), and will continue to be at least until HTML5 is fully baked.

Even when the client is a browser, however, we have numerous ways of maintaining application state. Each approach, as you might expect, has its strengths and weaknesses:

  • Cookies - long a part of the HTTP protocol, cookies are universally supported and almost as universally reviled. We love them for enabling the "remember me" feature on Web sites with logins we visit frequently, and we hate them for enabling advertisers to track our browsing habits. Few app developers would rely on them for much else.
  • Hidden form fields - every Web developer's secret sauce. You can put whatever you want into such fields, and as long as the user submits the corresponding form, the contents of hidden fields go along for the ride. The problem is that hidden form fields only work with POST. In REST, POST is only for initializing a subsidiary resource, so if that's not what you're doing, then you don't want to POST. The other downside to hidden form fields is that application state information must always make a round trip to the server and back again, whether the server needs to do anything with it or not.
  • Frames - Frames made their debut in 1996 in Netscape Navigator 2.0, the same browser that introduced JavaScript to the world. Iframes came soon after. Both types of frames allowed new pages in the frame while maintaining state information in JavaScript variables in the enclosing page. In either case, however, updating the content of a frame doesn't change the URL in the browser's location field. As a result, reloading or following a bookmarked page takes you back to square one, deleting all state information.
  • JavaScript-only updates - More recent advances to the Document Object Model (DOM), in particular the innerHTML property, allow JavaScript to update any <div> element after the page is loaded. And since JavaScript can also perform all manner of RESTful calls, it's possible to make it appear that any or all of a page is changing, even though the page itself isn't actually reloading. As with frames, JavaScript variables can store state information, but also similar to frames, the URL the user sees doesn't change when your script interacts with the server.
  • Signed scripts - What about simply writing arbitrary content to the user's hard drive? Browser publishers have been monkeying with this capability since signed scripts debuted in the 1990s. The problem with giving the browser write privileges, of course, is security. One flaw and hackers can easily take over your computer. Needless to say, this capability never took off, although plugins like Adobe Flash can allow the ability to write to the users' hard drive.
  • DOM storage - Today we have DOM storage. Think cookies on steroids. Every modern browser can essentially store a JSON object that persists as the browser loads different pages. You have the option of maintaining such information for a browser session (you lose it when you quit the browser) or persisting it across browser sessions (where the browser writes the data to a file). This capability also enables developers to write browser apps that can function properly when the user is offline. The downside to DOM storage is that it only works in newer browsers - although Firefox, Internet Explorer, Chrome, and Safari all support it.
  • URL query string - finally, let's discuss storing state information in the URL. Yes, there's a character limit - the HTTP spec recommends sticking to 255 characters or less, although most browsers and Web servers support much longer URLs. So, how much can you cram into 255 characters? More than you might expect, if you use a tool like RISON for compacting JSON to squeeze more of it into each URL. Don't like RISON? There are alternatives available or you can create your own approach. Even with such techniques, however, there is still a size limit, and all such information must make the round trip to server and back.

The ZapThink Take
Based on the discussion above, you should have no more concerns about storing application state on the client. There are always tradeoffs, but one of the scenarios above should handle virtually every application state issue you're likely to come up with. Feel free to transfer application state to the client and rest assured you're following REST.

That is, of course, if you really are following REST, which means that you're building a hypermedia application. And while POST, PUT, and DELETE update resource state for hypermedia applications, every representation from resource back to client updates client state. Even a GET, which never changes resource state, still changes the application state. In other words, clicking a link or submitting a form loads a new page. Of course REST behaves that way.

While this article focused more on maintaining state on the client, therefore, REST is more concerned with updating state on the client. The real point here is that we have the luxury of choosing to maintain the state information we require while running an application whose state is supposed to change. Either way, hypermedia are the engine of application state.

Image source: bloggyboulga

More Stories By Jason Bloomberg

Jason Bloomberg is the leading expert on architecting agility for the enterprise. As president of Intellyx, Mr. Bloomberg brings his years of thought leadership in the areas of Cloud Computing, Enterprise Architecture, and Service-Oriented Architecture to a global clientele of business executives, architects, software vendors, and Cloud service providers looking to achieve technology-enabled business agility across their organizations and for their customers. His latest book, The Agile Architecture Revolution (John Wiley & Sons, 2013), sets the stage for Mr. Bloomberg’s groundbreaking Agile Architecture vision.

Mr. Bloomberg is perhaps best known for his twelve years at ZapThink, where he created and delivered the Licensed ZapThink Architect (LZA) SOA course and associated credential, certifying over 1,700 professionals worldwide. He is one of the original Managing Partners of ZapThink LLC, the leading SOA advisory and analysis firm, which was acquired by Dovel Technologies in 2011. He now runs the successor to the LZA program, the Bloomberg Agile Architecture Course, around the world.

Mr. Bloomberg is a frequent conference speaker and prolific writer. He has published over 500 articles, spoken at over 300 conferences, Webinars, and other events, and has been quoted in the press over 1,400 times as the leading expert on agile approaches to architecture in the enterprise.

Mr. Bloomberg’s previous book, Service Orient or Be Doomed! How Service Orientation Will Change Your Business (John Wiley & Sons, 2006, coauthored with Ron Schmelzer), is recognized as the leading business book on Service Orientation. He also co-authored the books XML and Web Services Unleashed (SAMS Publishing, 2002), and Web Page Scripting Techniques (Hayden Books, 1996).

Prior to ZapThink, Mr. Bloomberg built a diverse background in eBusiness technology management and industry analysis, including serving as a senior analyst in IDC’s eBusiness Advisory group, as well as holding eBusiness management positions at USWeb/CKS (later marchFIRST) and WaveBend Solutions (now Hitachi Consulting).

@ThingsExpo Stories
As enterprises move to all-IP networks and cloud-based applications, communications service providers (CSPs) – facing increased competition from over-the-top providers delivering content via the Internet and independently of CSPs – must be able to offer seamless cloud-based communication and collaboration solutions that can scale for small, midsize, and large enterprises, as well as public sector organizations, in order to keep and grow market share. The latest version of Oracle Communications Unified Communications Suite gives CSPs the capability to do just that. In addition, its integration ...
SYS-CON Media announced today that @ThingsExpo Blog launched with 7,788 original stories. @ThingsExpo Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @ThingsExpo Blog can be bookmarked. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago.
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on Twitter at @MicroservicesE
SYS-CON Events announced today that robomq.io will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. robomq.io is an interoperable and composable platform that connects any device to any application. It helps systems integrators and the solution providers build new and innovative products and service for industries requiring monitoring or intelligence from devices and sensors.
Wearable technology was dominant at this year’s International Consumer Electronics Show (CES) , and MWC was no exception to this trend. New versions of favorites, such as the Samsung Gear (three new products were released: the Gear 2, the Gear 2 Neo and the Gear Fit), shared the limelight with new wearables like Pebble Time Steel (the new premium version of the company’s previously released smartwatch) and the LG Watch Urbane. The most dramatic difference at MWC was an emphasis on presenting wearables as fashion accessories and moving away from the original clunky technology associated with t...
SYS-CON Events announced today that Litmus Automation will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Litmus Automation’s vision is to provide a solution for companies that are in a rush to embrace the disruptive Internet of Things technology and leverage it for real business challenges. Litmus Automation simplifies the complexity of connected devices applications with Loop, a secure and scalable cloud platform.
In 2015, 4.9 billion connected "things" will be in use. By 2020, Gartner forecasts this amount to be 25 billion, a 410 percent increase in just five years. How will businesses handle this rapid growth of data? Hadoop will continue to improve its technology to meet business demands, by enabling businesses to access/analyze data in real time, when and where they need it. Cloudera's Chief Technologist, Eli Collins, will discuss how Big Data is keeping up with today's data demands and how in the future, data and analytics will be pervasive, embedded into every workflow, application and infra...
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being software-defined – from our phones and cars through our washing machines to the datacenter. However, there are larger challenges when implementing software defined on a larger scale - when building software defined infrastructure. In his session at 16th Cloud Expo, Boyan Ivanov, CEO of StorPool, will provide some practical insights on what, how and why when implementing "software-defined" in the datacenter.
So I guess we’ve officially entered a new era of lean and mean. I say this with the announcement of Ubuntu Snappy Core, “designed for lightweight cloud container hosts running Docker and for smart devices,” according to Canonical. “Snappy Ubuntu Core is the smallest Ubuntu available, designed for security and efficiency in devices or on the cloud.” This first version of Snappy Ubuntu Core features secure app containment and Docker 1.6 (1.5 in main release), is available on public clouds, and for ARM and x86 devices on several IoT boards. It’s a Trend! This announcement comes just as...
SYS-CON Events announced today that Vicom Computer Services, Inc., a provider of technology and service solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. They are located at booth #427. Vicom Computer Services, Inc. is a progressive leader in the technology industry for over 30 years. Headquartered in the NY Metropolitan area. Vicom provides products and services based on today’s requirements around Unified Networks, Cloud Computing strategies, Virtualization around Software defined Data Ce...
SYS-CON Events announced today that AIC, a leading provider of OEM/ODM server and storage solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. AIC is a leading provider of both standard OTS, off-the-shelf, and OEM/ODM server and storage solutions. With expert in-house design capabilities, validation, manufacturing and production, AIC's broad selection of products are highly flexible and are configurable to any form factor or custom configuration. AIC leads the industry with nearly 20 years of ...
How is unified communications transforming the way businesses operate? In his session at WebRTC Summit, Arvind Rangarajan, Director of Product Marketing at BroadSoft, will discuss how to extend unified communications experience outside the enterprise through WebRTC. He will also review use cases across different industry verticals. Arvind Rangarajan is Director, Product Marketing at BroadSoft. He has over 19 years of experience in the telecommunications industry in various roles such as Software Development, Product Management and Product Marketing, applied across Wireless, Unified Communic...
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Raspberry Pi, BeagleBone, Spark and Intel Edison. You will also get an overview of cloud technologies s...
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch of Docker's initial release in March of 2013, interest was revved up several notches. Then late last...
The only place to be June 9-11 is Cloud Expo & @ThingsExpo 2015 East at the Javits Center in New York City. Join us there as delegates from all over the world come to listen to and engage with speakers & sponsors from the leading Cloud Computing, IoT & Big Data companies. Cloud Expo & @ThingsExpo are the leading events covering the booming market of Cloud Computing, IoT & Big Data for the enterprise. Speakers from all over the world will be hand-picked for their ability to explore the economic strategies that utility/cloud computing provides. Whether public, private, or in a hybrid form, clo...
Internet of Things (IoT) will be a hybrid ecosystem of diverse devices and sensors collaborating with operational and enterprise systems to create the next big application. In their session at @ThingsExpo, Bramh Gupta, founder and CEO of robomq.io, and Fred Yatzeck, principal architect leading product development at robomq.io, will discuss how choosing the right middleware and integration strategy from the get-go will enable IoT solution developers to adapt and grow with the industry, while at the same time reduce Time to Market (TTM) by using plug and play capabilities offered by a robust I...
IoT is still a vague buzzword for many people. In his session at @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, discussed the business value of IoT that goes far beyond the general public's perception that IoT is all about wearables and home consumer services. He also discussed how IoT is perceived by investors and how venture capitalist access this space. Other topics discussed were barriers to success, what is new, what is old, and what the future may hold. Mike Kavis is Vice President & Principal Cloud Architect at Cloud Technology Pa...
From telemedicine to smart cars, digital homes and industrial monitoring, the explosive growth of IoT has created exciting new business opportunities for real time calls and messaging. In his session at @ThingsExpo, Ivelin Ivanov, CEO and Co-Founder of Telestax, shared some of the new revenue sources that IoT created for Restcomm – the open source telephony platform from Telestax. Ivelin Ivanov is a technology entrepreneur who founded Mobicents, an Open Source VoIP Platform, to help create, deploy, and manage applications integrating voice, video and data. He is the co-founder of TeleStax, a...
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this case) takes into account the number and quality of contextual references that a user receives.
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? Join this panel of experts as they peel away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you’ll have no problem filling in your buzzword bingo cards.