After my colleague Diedra Smith posted about how “the more things change, the more they stay the same,” I thought I’d add to the list with a post about that mysterious concept, “state.”
In the history of computing, there have been two dominant models around how humans and computers interact. At first, there were mainframes and “dumb” terminals, and all of the processing was done server-side. A major tool in this process was IBM’s CICS (Customer Information Control System) which, in the 70’s, aided in the delivery of screens full of information and forms for intake to terminals (no graphics, just text). When a screen full of information was sent to a terminal, the connection was severed; after a user filled in a few fields and hit “enter,” the screen and its data would be sent back. However, on the receiving end – the mainframe server – the connection was new, and we – the programmers – had to find ways to let the mainframe know the state of the transaction… i.e., did someone just request the initial form, or did someone get the form and fill it in? This is “stateless,” meaning that “each interaction request has to be handled based entirely on information that comes with it.“
With the advent and proliferation of the desktop computer (a “smart” client), we began to see client-server computing. With client-server computing, a program is written to run on the desktop which connects to a program written to run on a server. This allowed for “statefull” computing, where “the computer or program keeps track of the state of interaction, usually by setting values in a storage field designated for that purpose.“
And then there was the web… the Internet, the killer-app for all things computing. Suddenly we were more or less right back where we started, for web transactions are stateless. We have a web server – usually a Linux server running Apache or Nginx – that builds pages and sends them to the browser.
Confusing? It’s sort of like 50 First Dates, the movie where “Lucy” (Drew Barrymore) forgets everything that happened on the previous day when she wakes up the next morning. To get to this page, you clicked something (thank you) and our servers built and sent you a web page. And then it forgot you ever existed. If you comment – or if this page had a form to fill out – the server will need to find something in this page that lets it recognize the page itself and where in the process we are (did I just send a blank form for you to fill out or did you fill out a form and I should do something with the information?)
Back in the CICS days, we hid stuff on the screens so that when the screen came back in, we knew what we were getting. Well, guess what we do now? We hide stuff on the screens! We use hidden fields to help us know where in the process we are — and to prevent CSRF.
The computing world has changed dramatically from where we were 30 years ago with our mainframes and terminals; now we have the cloud and smartphones. Some of the underlying principles haven’t changed, though; we still send out pages that were built on a server and then forget you exist. And when those pages come back to us, we still need to know how to handle them, which we do by looking for the hidden markers that we shipped to you when you requested the page.
If it all seems like magick to you, well… sometimes it still does to us, too.