As a followup to The State of State on the Web I want to mention stateless servlets, a relatively new feature of the PLT web server that make continuations (even) more usable. Stateless servlets are essentially a kind of servlet with serializable continuations. A serialized continuation can then be stored on the hard disk, in the URL, in a cookie, or using any other mechanism you desire. This gets around the issue of memory consumption that is a concern with normal continuations. I don’t have a lot of experience with this kind of servlet, but Jay’s experience is that they are faster than normal servlets and the continuations are typically less than 100 bytes (and so can easily be encoded in a URL). Very nice!
What security issues are involved with serialized continuations? Is there any way to forge a continuation?
That’s cool, but the requirement that continuations NOT be in the context of another module seems burdensome. Is it worth the price?
I think it is worth the price, because you can always also convert the other module and in my conversions, I’ve never even needed to do that except with a handful of list combinators (like map). Obviously your mileage could vary, but it is certainly better than not having continuations at all and having to it all manually.
There aren’t any significant issues beyond the usual web issues. You can encrypt continuations and store them on the server (on disk, say) if security is especially important. Forging a continuation is as likely as forging a session ID in other frameworks.