Just read Nathan Pitman’s report about the updated Flickr Gamma version. One particular note was the Organizer is no longer done in Flash. Scanning the the announcement page, help page, and bug list, I couldn’t really find any information or context as to why. Anyone have any more info?
Blog
-
Sessions with Flex and Flash
I’m looking for corroboration, confirmation, and/or corrections, so if you got ’em, throw ’em in the comments please and I’ll update this post.
The more popular Flex and Flash gets, the more exposure I get to large server-side development teams. As most have developed a lot of web based applications, the question of session handling comes up time and time again. I’ve attempted to compare and contrast the current known methods for utilizing sessions in a web browser, and their parrellels with Flex & Flash development. My goal is to better understand why you do or do not need session handling in your web application.
In this post’s context, a session is defined as a way to uniquely indentify the client to the server. Since normal http interactions are stateless, there is no way for a request from the client web browser to the server to be uniquely identified. Where such situations are needed to know which client is which, and keep data associated with that client while they are interacting with the web application, a sessions is used. The real-world example is keep a list of items a user has added to their cart in an ecommerce site. Even if they go from page to page throughout the site, or back, the session keeps track of their cart items.
The three main ways to do this are:
- appending variables to the URL string
- hidden form field
- cookies
The first way involves appending variables that are relevant to the web application state to the end of the URL and making sure each page continues to attach this information along as well. Hyperlinks may add &id=234890somerandomnum&cartitem1=someproductid to the end of the URL when travelling from page to page. The server-side code garner’s context, if needed, since these variables are passed to the server before processing the next page. The pro’s to this is you can easily see what variables are working during development, and this allows you to tweak your pages to test things while using the app. The cons are unweildy URL’s that are extremely long, if you miss passing one variable the whole thing gets fubarred, and harder to secure (assuming your methods handling the server-side variables don’t check for arbitrary data which they should).
The second way involves sticking a session ID or even additional vars like the above into a hidden form field(s).
The third way involves utilizing cookies that store session information. Pro is this is very application transparent for the front end, but the con is if cookies are disabled, it won’t work.
My take as to why server-side developers like sessions is that role information is encapsulated into the request. In the case of AMFPHP for example, each server-side method in a PHP class has a role or set of roles that are allowed to call it. Upon logging in using normal browser security, you’re role is set. This provides transparent interaction between client and server. You can even handle a custom fault of not having the role privaledge to access certain functionality, or even “re-login” if need be without refreshing the page. I guess I don’t understand where this persists, though. J2EE has a similiar setup with a nice, built-in security that works.
The state arguments, however, make no sense. It is understandable since it requires a lot of effort to work with the developers to get them out of the “page” mindset. There is no page; it’s an application like Outlook; it has state, and doesn’t lose it. There is no page refresh.
I once worked on a Flash app where in using OpenAMF, the Java guy wanted me to pass him the session ID as the first parameter to every method call. I’d login, get the sessionID as a return value, and set it to a global (static) variable in the Flash app. Every Delegate call pre-pended this value as the first parameter to method calls. It wasn’t so bad, but I never really understood what the session gave us.
The hidden form variable works similiar to the above; you just store whatever variables you want to keep around in a global/static class.
While Flex & Flash have their own cookies, they are used for ensuring data persistence across application usage, not sessions. So, if I reboot my computer after using an application, the data will be there tomorrow type of thing. They are for data storage. Just like browser cookies I guess, only harder to delete (harder meaning not built into web browsers like cookies are).
The current Flex & ColdFusion app I work on, we don’t use ’em. The Flex app keeps state, and just calls ColdFusion CRUD methods. I’m sure we could add roles if need be, but I guess I just don’t get it beyond the built in security some server-side technology has to authenticate requests.
I’ve never really found a definitive article explaining the session’s role in Flash & Flex development. I’ve seen it discussed more on Flexcoders, but this is mainly because of the influx of server-side talent on that list who is used to dealing with such state. The typical response is “you don’t need them, Flex is a stateful client”, and yet the “logging in” is still discussed. If anyone has anymore sources to add to the above (or correct), please link.
-
I got Flash to talk to Rails
I went through this tutorial, and replaced all the Flex stuff with 56 lines of ActionScript in Flash 8. Getting XML into Flash is the Flash Developer’s tried, true, and trusted way of getting dynamic data. Took me 30 minutes in total: 30 seconds to do the rails setup, 20 minutes to install/uninstall/reinstall MySQL 4.1 (POS!!!), and 5 to get data. I spent another 15 unsucessfully sending XML to the create method. It was creating records, but wasn’t getting the XML I sent. I tried every version of the XML object I know to no avail.
Here, I created the XML string by hand:
function createUser() { trace("createUser"); var s:String = ""; s += "<request>"; s += "<user>"; s += "<updated-date/>"; s += "<creation-date/>"; s += "<username>doom</username>"; s += "<id type='integer'></id>"; s += "<password>heck</password>"; s += "<email>doom@finalbattle.com</email>"; s += "</user>"; s += "</request>";And then here I send the request:
create_xml = new XML(); create_xml.ignoreWhite = true; create_xml.parseXML(s); trace("---------------"); trace("sending: create_xml: " + create_xml); create_xml.contentType = "application/xml"; create_xml.onLoad = function(success) { trace("create success: " + success); trace(this); }; create_xml.sendAndLoad("http://localhost:3000/users/create", create_xml, "POST"); }
I opened ServiceCapture and started examining the traffic, and nothing jumped out at me. I got pulled away to do a Podcast so I’ll just have to do it in Flex, and compare since I’m probably just not formulating my XML message correctly.
Anyway, damn yo… 5 minutes to read from and write to a DB? Awesome!
-
Agile Web Development with Rails First Impressions
Can’t sleep (as usual) so figured I’d write up my first impressions of Ruby and Rails after reading the first 8 chapters of Agile Web Development with Rails Sunday afternoon. Let me precursor this with I’ve only read 8 chapters in 1 book in a 7 hour period over 2 days. Anything stated below are my first impressions, and my opinions are preliminary and fleeting at best. As I learn more, I know what I think will change.
Rails? Really nice.
Ruby? No opinions yet, don’t know enough about the language.
ERb? Hate it.
Rails itself, at least from an implementation standpoint, seems to do all the things people hand-code themselves a lot of times. They keep re-iterating convention over configuration. This statement scores a lot of points with me because there are a lot of frustrating things I’ve had to do with Java projects. OpenAMF + Hibernate + Spring == XML hell. While I usually don’t have to deal with it since I’m client boy, I inevitably was drawn in on a few occasions, and hated it. I don’t mind configuring something if it’s going to work when I’m done, but time and time again, I felt like I was doing a form of coding (as were the Java guys) whilst playing with XML. I’m sure it scales, but I never really saw it run for more than 1 hour.
I’ve been pretty shielded from the ColdFusion project I’m currently on. The JRun + CF + SQL setup was an all day affair, and I only had 1 hiccup since. While I attribute part of that success to an extremely talented team, I must say I’ve been impressed; the only times things break is when my code is involved. In all fairness, the server-side code isn’t really worthwhile without the client, and vice-versa. Can’t test it till I get done and start to integrate.
Still, the VO’s are a monotonous pain to write, and I’m sure the server-side CRUD methods are as well. It should by automated at this stage of the game.
I remember when learning OOP, then design patterns, then frameworks like ARP and Cairngorm, you start following conventions. They are known, ingrained, and the decision to use them is intentional. You knowingly write more code to accomplish the same thing knowing that the extra code pays off later. This is where I’ve seen conventions, in a small part, pay off time and time again. So, while I’m sure there are a few things Rails disregards on purpose, I have faith in conventions, and how they have improved my programming results over the years. Thus, I have faith in Rails.
I still think, though, configurations are powerful and should not be disregarded. Just not sure where that fine line is, nor the ramifications for crossing one or the other.
It boggles my mind to think this hasn’t been implemented yet in Java, CF, or PHP yet. I’ve heard briefly information about Tapestry, and when it was explained, it sounded like the same thing, only the AWDWR book took a stab at it. I know CF has a gazillion frameworks for it, and even read 2 blog entries about CF on Rails awhile ago, so I’m sure someone’s already got something “good enough”. I’ve heard of Cake and a few other PHP frameworks, but the thing I’ve always found about PHP stuff is that unless you can read and understand PHP, you cannot really grasp the power of most of what I’ve seen. For example, going to the bookstore, or even your local user group, and you get someone to give you the gist of Fusebox for ColdFusion, or Rails for Ruby… but Cake for PHP? I don’t know, I just get the impression that the communities are smaller, and those who get it are smart enough to do so without documentation, or some sort of developer evangelism. Bottom line, I don’t trust my knowledge of server-side frameworks to really question that something of Rail’s caliber doesn’t already exist. I just know in reading those 8 chapters, I got it pretty quickly and would rather do that than write DAO’s in PHP all day. If I were a full-time server-side developer, I would probably know more about what tools are truly available and thus would have better context.
Nothing to say about Ruby yet.
The ERb’s bring back nightmares of ASP & PHP projects I’ve seen which have sql statements embedded in the page, and someone wanted me to “modify” it. Ugh, run. While I think their templating mechanism is straightforward and simple, I still feel that ERb’s are gross. One third of that is my past experience with ASP, PHP, and JSP which is admittingly (and thankfully) little. For simple projects, or simple data accessing components for Flash, they do their job and do it well. For anything else, hell no. The 2nd third is because to me, CSS & HTML are limiting. While HTML & CSS certainly offer a neat way to show text, display it, and control layout (for the most part), the whole page based metaphor feels like it’s only scratching the surface of Ruby on Rail’s potential. While I think they did an effective job using Controllers to not only give scoped variables for the view to use and built-in mixin methods which inject functionality at runtime, it’s the actual “pages” that makes me dislike it. Why pages? I know, I haven’t hit the AJAX parts yet, but still, I’d rather use Flex to handle all of the state, sections, and even session data. However, I can’t figure out yet how I’d write my Controller code once you add a stateful client to the mix. Steven says you can expose Ruby as webservices… perhaps that’s the ticket?
Furthermore, it’d be really neat to learn some of the guts of the automation routines and write MXML & AS files on the fly, compile with mxmlc, and generate those auto-CRUD pages into a single SWF; a Flex app with a richer, and more central & self-contained GUI as a front end. Again, those CRUD pages aren’t necessarily supposed to be your de-facto admin pages, but if you have a better GUI tool that can integrate into Rail’s automated nature, why not use it?
Overall, the ActiveRecord, after talking to Steven on the phone, and then reading about it Sunday, pretty much is what hooked me. While I still feel the pull of databases driving my projects, writing a class representation of a table and having that transparently save, update, etc. is just off the hook. I still don’t get why some of that stuff, like parent_of and foreign keys, etc. isn’t automated, but the book had a few footnotes talking about database disparities.
Either way, it’s fuggin’ pimp looking for a version 1.0 framework.