четвъртък, 28 март 2013 г.

HTTP Session attributes considered evil

I've been dealing with a Struts 1.x based application in a Java 1.4 environment.

Struts actions, where the majority of the business logic is implemented, are not capable of returning results. Hence the predominant anti-pattern used when one needs to return a value from one action to another, is setting parameters in the request or session scope.

This quickly gets out of hand and the code becomes  what I'd term "Java with a mixture of the JavaScript bad parts" - a global object with untypized access, where all actors read and write as they deem appropriate.

Here are the most notable disadvantages to this approach:

- Unconvenient (raw) object access
- Complete reliance on side effects as opposed to returning values completely inhibits the functional coding style, and makes your application hard to reason about.
- The fact that one actor relies on another to have written data in session/request so that the other can read it, introduces strong temporal coupling between the actors.

I would go far as to argue that any framework which relies on session and request objects to pass data between actors is evil.