Session Object considered Harmful

Why and how to avoid using a session object

Several enviroments for building dynamic pages have some kind of session object. The enviroment cares about the survival of the session id and provides a bag to put variables into that then will be preserved between pages. This looks like and sometimes is a nice idea. But it will bring serious problems if misused.

Since it is a bit tedious to pass all request parameters into hidden page fields developers tend to pass them by using the session object. Within a short period of development time the bag of variables is pretty full and pages depend on the calling order to work properly. This is the return of a very old evil: Communication of functions through global variables.

Since this evil is around since the beginning, we all know the cure. Remove the globals and pass them as parameters.

Unfortunately there are so many of them. So you might want to order them and put them into smaller bags. To achieve this you write a class that reinstantiates itself when constructed with an id. The id is passed in as a request parameter and then used to retrieve the bag.

This technique has the advantage that compatibility with back becomes much easier to maintain.