URLs are state containers

Posted by thm 2 days ago

489 points | 211 commentspage 5

balllpug1 1 day ago|

I disagree in the public URL, as either GPG --quick-generate in coining a counterpoint as a feature of anti-DDOS protocols.

Key is to generate capitol, which is being either a URL or playing hand in ball.

ravenical 2 days ago||

Letterboxd does this really well - each view is its own page! It's so pretty compared to other sites

tomtomistaken 2 days ago||

I use the concept for https://libmap.org to save the state of the map. You can share the libmap link via mastodon social or bluesky to make it permanent.

This is a small hobby project, I am not in IT.

notepad0x90 2 days ago||

Deeplinking is awesome! The Azure portal is my favorite example. You could be many layers deep in some configuration "blade" and the URL will retain the exact location you are in the UI.

thewisenerd 1 day ago||

i see the complaints around URL length limits and i raise you..

storing the entire state in the hash component of the URL

http://example.com/foo#abc

since this is entirely client-side, you can pretty much bypass all of the limits.

one place i've seen this used is the azure portal.. (payload | gzip | b64) take of that what you will.

franky47 1 day ago|

Except you hit limits when trying to share that URL. Eg: try pasting a URL longer than 4096 bytes in Signal or WhatsApp, and they don't render it as clickable.

bob1029 2 days ago||

To fully describe client side state you also need to look at DOM and cookies. The server can effectively see this stuff too (e.g., during form post).

I design my SSR apps so that as much state as possible lives in the server. I find the session cookie to be far more critical than the URL. I could build most of my apps to be URL agnostic if I really wanted to. The current state of the client (as the server sees it) can determine its logical location in the space of resources. The URL can be more of an optional thing for when we do need to pin down a specific resource for future reference.

Another advantage of not urlizing everything is that you can implement very complex features without a torturous taxonomy. "/workflow/18" is about as detailed as I'd like to get in the URL scheme of a complex back office banking product.

skrebbel 2 days ago||

This entire article is an argument against your approach here, and you're not really addressing any of its points.

Basically, your approach is easier to code, and worse to use. Bookmarks, multiple tabs, the back button, sharing URLs with others, it all becomes harder for users to do with your design. I mean feel free, because with many tech stacks it is indeed easier, but don't pretend it's not a tradeoff. It's easier and worse.

qlm 2 days ago||

Maybe I'm misunderstanding what you're saying but applications like this tend to be horrible to use. How do you handle somebody navigating in two tabs at once? What about the back button?

mewpmewp2 2 days ago|||

Also bookmarks etc? For example if you have a view where you can have complex filters etc, you may want to bookmark this.

afiori 2 days ago||||

I guess they use something like sessionStorage to hold tab specific ids.

But something that can bite you with these solutions if that browsers allow you to duplicate tabs, so you also need some inter-tab mechanisms (like the broadcast API or local storage with polling) to resolve duplicate ids

__MatrixMan__ 2 days ago|||

Agreed. Also, when you paste somebody a URL, they should see what you saw... if at all possible.

dep_b 1 day ago||

Sounds like ASP.Net Web Forms! Except it would fall apart anyway when you would reload!

exasperaited 2 days ago||

This is a risky idea, actually — at least in its fully expanded form.

Sure, in the prismjs.com case, I have one of those comments in my code too. But I expect it to break one day.

If a site is a content generator and essentially idempotent for a given set of parameters, and you think the developer has a long-term commitment to the URL parameters, then it's a reasonable strategy (and they should probably formalise it).

Perhaps you implement an explicit "save to URL" in that case.

But generally speaking, we eliminated complex variable state from URLs for good reasons to do with state leakage: logged-in or identifying state ending up in search results and forwarded emails, leaking out in referrer logs and all that stuff.

It would be wiser to assume that the complete list of possible ways that user- or session-identifying state in a URL could leak has not yet been written, and to use volatile non-URL-based state until you are sure you're talking about something non-volatile.

Search keywords: obviously. Seach result filters? yeah. Sort direction: probably. Tags? ehh, as soon as you see [] in a URL it's probably bad code: think carefully about how you represent tags. Presentation customisation? No. A backlink? no.

It's also wiser to assume people want to hack on URLs and cut bits out, to reduce them to the bit they actually want to share.

So you should keep truly persistent, identifying aspects in the path, and at least try not to merge trivial/ephemeral state into the path when it can be left in the query string.

ttoinou 2 days ago||

This should be used more often. I wish websites like Google could respect the language given in the URL. Always tries to guess what's my language based on IP and fails

tingletech 1 day ago|

Reminds me of xlink:href with an #xpointer(xpath) — with it you could xinclude an inner XML node out of a remote file

More comments...