- Let's make the authentication system so the user can only login in one device at time, because this is more secure.
- You know that this will be a general-public application, right?
- Yeah!
- Sou you want to "punish" users with a logoff on the other device when he tries to login in a new one?
- Yeah!
- But before you said we will use Json Web Token to make the backend stateless.
- Yeah!
- And how will we check if the token is the last one generated?
- We will store the last generated token for this user on a table in our DB.
- So... you are basically describing the old authentication model, with session tokens stored on the backend and communicating them via cookies.
- Yeah, but the token will be sent on the Header, not on cookies
- Okay, so why will we use Json Web Token to do this in the first place?
- Because this is how they're doing now, and this will make the backend stateless.

A moment of silence, please.

Customer: “How many concurrent users can use this app?”
Me: “web tech is stateless. (Insert explanation) So concurrency is meaningless.”
Customer: “yeah but how many concurrent users?”
Me: “infinite as long as they aren’t interacting with the server.”
Customer: “but how many?”
Me: “400”

Did a bunch more cowboy coding today as I call it (coding in vi on production). Gather 'round kiddies, uncle Logan's got a story fer ya…

First things first, disclaimer: I'm no sysadmin. I respect sysadmins and the work they do, but I'm the first to admit my strengths definitely lie more in writing programs rather than running servers.

Anyhow, I recently inherited someone else's codebase (the story of my profession career, but I digress) and let me tell you this thing has amateur hour written all over it. It's written in PHP and JavaScript by a self-taught programmer who apparently discovered procedural programming and decided there was nothing left to learn and stopped there (no disrespect to self-taught programmers).

I could rant for days about the various problems this codebase has, but today I have a very specific story to tell. A story about errors and logs.

And it all started when I noticed the disk space on our server was gradually decreasing.

So today I logged onto our API server (Ubuntu running Apache/PHP) and did a df -h to check the disk space, and was surprised to see that it had noticeably decreased since the last time I'd checked when everything was running smoothly. But seeing as this server does not store any persistent customer data (we have a separate db server) and purely hosts the stateless API, it should NOT be consuming disk space over time at all.

The only thing I could think of was the logs, but the logs were very quiet, just the odd benign message that was fully expected. Just to be sure I did an ls -Sh to check the size of the logs, and while some of them were a little big, nothing over a few megs. Nothing to account for gigabytes of disk space gradually disappearing.

What could it be? I wondered.

cd ../..
du . | sort --sort=numeric

What's this? 2671132 K in some log folder buried in the api source code? I cd into it and it turns out there are separate PHP log files in there, split up by customer, so that each customer of ours (we have 120) has their own respective error log! (Why??)

Armed with this newfound piece of (still rather unbelievable) evidence I perform a mad scramble to search the codebase for where this extra logging is happening and sure enough I find a custom PHP error handler that is capturing (most) errors and redirecting them to these individualized log files.

Conveniently enough, not ALL errors were being absorbed though, so I still knew the main error_log was working (and any time I explicitly error_logged it would go there, so I was none the wiser that this other error-catching was even happening).

Needless to say I removed the code as quickly as I found it, tail -f'd the error_log and to my dismay it was being absolutely flooded with syntax errors, runtime PHP exceptions, warnings galore, and all sorts of other things.

My jaw almost hit the floor. I've been with this company for 6 months and had no idea these errors were even happening!

The sad thing was how easy to fix all the errors ended up being. Most of them were "undefined index" errors that could have been completely avoided with a simple isset() check, but instead ended up throwing an exception, nullifying any code that came after it.

Anyway kids, the moral of the story is don't split up your log files. It makes absolutely no sense and can end up obscuring easily fixable bugs for half a year or more!

Happy coding.

I'm not sure *why*, but I increasingly see the following pattern:

Challenge a primarily OO / imperative dev by saying OO or imperative styles aren't always a good fit, and that a stateless functional approach can offer advantages, and you often get something akin to:

"Yeah, it's new to me so I'm still working my way around it, but I get that. Makes a lot of sense."

Challenge a functional dev by saying the functional style isn't always best, and in some cases functional isn't a good fit, and you tend to get:

"YOU IMBECILE! YOU ARE SIMPLY CONSTRAINED BY YOUR YEARS OF MINDLESSLY FOLLOWING THE OO HERD! FUNCTIONAL IS ALWAYS SUPERIOR!! ALWAYS, I TELL YOU!!"

I mean geez guys, calm down and learn it's just another tool in the toolbox. I get that popular paradigms emerge and have their die-hard supporters, but I didn't even see this kind of thing when OO became the "new thing everyone needs to use for everything" in the 90's.

I wrote a Stateless module in ruby, now I can't stop looking it. I think I'm in love with my module.

That's normal? I need help?

Tried flutter for the first time in life, for 2 days, java based Android dev here.
I have some.... thoughts...

Flutter does not feel extremely new to me. It is very much relatable if you have ever tried basic the spring/ other java based gui framework. It is trying to achieve the goods from multiple worlds,its so far good, but mann its playing on thin ice.

Flutter : Yo boy embrace me. I am the beauty. checkout my hot reload.
Me :❤️❤️😍 (But wait. your first execution is wayy longer than a simple android studio build. And AS would generally take smaller time after every rebuild. And you are going to take the same long time as first build, if app gets closed or my usb gets accidentally removed. So I see what you did there ;))

Flutter: Ha. Checkout my function passing as parameter. ever thought your puny java going to give you that?
Me :you got me ,❤️. (Although this style is not so uncommon with web devs)

Flutter: everything is a widget, everything is stateful or stateless, Single Streams FTW!
me: ❤️

Flutter:You kotlin devs are gonna love me, i got Small, concise code
Me: Now wait, This is a thin ice for me, okay? I hated when kotlin replaced everything with symbols & lamdas for a confusing but small code, So be careful,even though your code is still good.

Flutter : Control every pixel , dear! No more xmls!
Me : Yes, what is with that? are we accidentally going in the past?
Java desktop apps, spring framework used to build whole layouts with programming language. The day i stepped into Android, it was xml for ui and java/kotlin for code. was that a bad decision or is this one?
Anyways i liked my stuff seperated, but that's just me.

Flutter : Ugh so much whining. Are you going to work with me or not?
Me : Yes mam! ❤️

I wrote an auth today.

Without frameworks. Without dependencies. Without under-the-hood magic. Without abstract pluggable adaptor modules for the third-party auth library with 63 vulnerabilities and 1252 GitHub issues. Without security vulnerabilities showing up in NPM log. Without dependency of a dependency of a dependency using md5 and Math.random() under the hood for historical reasons, and now we're fucked, because this is the only lib for our framework, and we have no time to write our own replacement. Without all that shit.

Rock-solid, on top of scrypt. Stateless and efficient.

It felt amazing.

I am learning java at school and my teacher asked me to make a work on JTA (java transaction API). There's not a lot of tutos on it on the web so I say to myself "go on, give it a try, you'll only learn by trying."
I finally find how to make the @TransactionType, where to put the @Stateless, my test works, nice. Finally I want to try a case where it shouldn't work, just to be sure the rollback works well. The test goes and... NullPointerException. Wtf ! Normally, my catch is supposed to, well, catch the error !

And finally, I was just stupid. My catch worked great. But I put a "throw e" inside.

Now I wanna hides under blankets, cry, eat cake and never see my coworkers again.

This was originally a reply to a rant about the excessive complexity of webdev.

The complexity in webdev is mostly necessary to deal with Javascript and the browser APIs, coupled with the general difficulty of the task at hand, namely to let the user interact with amounts of data far beyond network capacity. The solution isn't to reject progress but to pick your libraries wisely and manage your complexity with tools like type safe languages, unit tests and good architecture.

When webdev was simple, it was normal to have the user redownload the whole page everytime you wanted to change something. It was also normal to have the server query the database everytime a new user requested the same page even though nothing could have changed. It was an inefficient sloppy mess that only passed because we had nothing better and because most webpages were built by amateurs.

Today webpages are built like actual programs, with executables downloaded from a static file server and variable data obtained through an API that's preferably stateless by design and has a clever stateful cache. Client side caches are programmable and invalidations can be delivered through any of three widely supported server-client message protocols. It's not to look smart, it's engineering. Although 5G gets a lot of media coverage, most mobile traffic still flows through slow and expensive connections to devices with tiny batteries, and the only reason our ever increasing traffic doesn't break everything is the insanely sophisticated infrastructure we designed to make things as efficient as humanly possible.

A functional developer kills a man. When the police arrests him, he gets very surprised. He thought he was stateless.

lets build a stateless warehouse controll system. lol

Testing every little class and stateless function is a brilliant way to spend a lot of time doing nothing.

At the same time, if I didn't have to test it, I probably wouldn't have turned it into tiny classes and mostly stateless functions.

I have a few side project ideas. I started one of them a few months ago (project setup, dependencies, git repo, index page, very basic API and client functionality). But I cannot get myself to work on it or even think about it (for months now). The reason? I do not want to work on the client/frontend! I do not want to deal with React or Vue or Svelte or fuckjs or even jquery. It's a fucking mess.

For the backend, the requests are stateless: you get a request, handle it, and respond back. Need to update state? Database. That's it!
For the frontend, there's just tooo many states I can't keep up with! When the user checks or unchecks this checkbox, I need to maintain the state of the checkbox and maintain the all effects of changing the checkbox while syncing with the backend and making sure the elements are still styled correctly with the applied effects. Multiply that with all the expected interactive elements on the page. It's exhausting!

I love the React and Sails docs. The contents are human-readable. Perfect for idiots like me since most docs are $h!+5%&* (hint: Git).

I'm trying to get into react for side projects but my java and backend background in general really make things tough. Let's say I have a few data manipulation functions that I want to extract to a separate service and inject it using react hooks (since that's what everyone is using nowadays apparently). I can see it being much more elegant than props, but all the examples I can find resolve around passing state here and there, not passing actual dependencies like a stateless service. Any ideas how I should solve this?

stateless design is another part of programming or web development i haven't quite been able to grasp fully, I understand what it is and its capabilities but I cant seem to.... say "hey to implement stateless design on project xyz that is an actual project will real life usage, this is how to go about it" it's easy to build any web app like a story or like a building, from the ground up and roof, but what about a webapp that has really unpredictable data and is very fluid that the ui just moves around and adapts to whatever data is thrown at it, as long as the data makes sense and is applicable to be situation on ground, you can't just build such a ui from the ground up from a template, you'll end up with a lot of if elses until the code is bloated and probably unreadable,

there has to be common sense in what I'm trying to say, maybe I'm not using the right words

Symfony 4:

I created a firewall with a user provider and everything was great for a year and a half.
I needed a second firewall with a different user provider for my REST API.

Being stateless, the rest api firewall didn't need the refreshUser method so I didn't bother doing anything inside but returning user (without noticing how my original class was built or the official documentation which apparently says I need to throw an exception if this isn't the right user provider for the user in the session).

I was having a problem with my main firewall after that point because I assumed it would only use the relevant user provider, but even though my API firewall only applied to a specific host/pattern, the user provider for that firewall was still being used. If it had run the supports method first, it wouldn't have done that even with my initial mistake. Frankly, I don't know why there is a supports method if it's not being utilized for this purpose...I saw supports() is used for the rememberme functionality, but seems inconsistent not to use it everywhere.

Not only should Symfony be updated to check the supports() method, but I also think it should only loop through user providers for the current applicable firewalls. Since we define a user provider per firewall, I think that would be the natural way for it to work. Otherwise why even define a user provider on the firewall if it's just going to try to use them all anyway?

Furthermore, in the case of a stateless firewall, requiring the refreshUser method via the interface seems strange.

How, to load static images in the reactJS component, by using like declaring in a stateless function where we declare a style object name style return and passing into a <div style={...}>

How would you create a mock for an Aggregator Microservice (stateless) which makes requests to other services for each request, transforms the data and then responds to the user?
I want to create a mock service where I don't t have to run the other services but it should create kinda realistic responses.
Have you had to create something like this?
I'd use it for testing another microservice that uses the aggregator.

Guys I've inherited an older WordPress plug-in that was custom made by a previous developer. I'm refactoring it as it won't work with the latest wp but the previous dev has used sessions to send form variables from one form to another and I don't know why. I'd like it to be stateless in an ideal world but have been checking out the WordPress docs on cookies but they don't reveal a lot. Any ideas what I can do? Can I send the data without sessions using the native WordPress filters, hooks and actions etc. Cheers

Hello ranters.
Quick(qwik) question. Is Qwik any good? Am I right in thinking it's basically a framework with stateful and stateless components which are only updated as and when required? This is what I took from the documentation anyway. It has a flutter mentality which I think I dig.

Can a stateless individual travel to any country?