Critique of Hidden Fields
The approach is quite elegant, but it has some problems:
- All interactions between client and server must go through forms.
- Every form on every generated page must include the hidden fields defining the session state.
- In our example, the number of hidden fields grew quickly.
All approaches to session tracking run into problems analogous to the last: one wishes to keep down the amount of hidden information that must be exchanged in every single transaction of a session.
For example, this will be important for the URL-rewriting approach, because we don’t want to end up with huge URLs.