This is a continuation of the post Of state handling, part I published last month.
So naturally with such an architecture you have two places where you could store state information between requests: the client, or the server. In fact, Orbeon Forms allows you to choose where to store the state. Each solution has benefits and drawbacks. Mainly, storing the state on the client require more information to travel between client and server; and storing the state on the server requires more memory on the server, typically linked to the user's session.
Client state handling is not a trivial thing to do:
When sending state information from the server to the client, you can't just send Java objects out as is: you must "serialize" them, that is represent them as a string of characters.
The data sent must be as small as possible, so you must be smart and try to send the minimal amount of information possible. For this reason, in Orbeon Forms we do not rely on Java serialization for this task. In addition, Orbeon Forms uses gzip to compress the resulting information.
Data sent to the client must also be encrypted, so that nobody can crack into your application by sending the server tampered state information.
In addition, when the client sends back state information to the server, the server may take time to deserialize or restore internal data structures therefore impacting responsiveness. To alleviate this issue, orbeon Forms uses a document cache which contains live XForms documents and which allows bypassing this deserialization in most cases.
In the next installment, we'll look at the challenges of session state handling.