Stateless Applications are an Illusion

April 1, 2010 by Stephan Schmidt

43 Comments

Stateless applications have haunted me over the years. There is a mantra for web development: Keep your application stateless. I have seen companies pilling money on the effort to go stateless with their web applications. I’ve encountered a company with a multi million lines of code application with a stateful web framework going coniserable lengths to reengineer the app to being stateless. I have seen companies who don’t scale because they wanted to be stateless. All of this haunted me. Because it should not haunt you as a developer, I will take a deeper look and show that it’s impossible to keep most applications stateless.

To begin with, I divide state into two kinds:

Application state (like Orders)
Conversational state (temporary state during a session)

Some applications do not need state, or only have application state. The viewing part of CMS for example. One view sees applications as state machines and the essence of web requests to change this state. Beside the two kinds of state, there are at least two dimensions of state:

accidental, framework state
use case driven state, often the conversational state from above

The first dimension of state, framework state, can be designed away. There are frameworks which keep state during their operation – Tapestry for example. By chosing the right framework and architecture, you can minimize or prevent framework state. The second dimension cannot be designed away. If your use case calls for state, you need to store that state. A checkout process comes to mind: customers choose over serveral pages delivery address and payment information. Baskets come to mind: they store their conntent often only during a session. That conversation state needs to be hold somewhere.

When people talk about stateless applications, they in fact mean no state in the web tier. But state can be stored in several layers:

Best state store: Client (window.name hack, Javascript variables for AJAX applications, Cookies)
Pages (e.g. with JS variables or Hidden fields)
Easiest state store: Web Tier (HTTPSession in Java applications)
Infrastructure (Cache like Memcached, Databases like MySQL, NoSQL like Redis)

You need to decide where to put your conversation state, but you cannot prevent your app from having state if the use case calls for it. What about using the easiest and fastest state store, your web tier? ThePlay framework says:

But this is much better because a session is not the place to cache your application data!

Contrary to this, your web tier session is a very good place to cache your application data. Problems do not arise when your web session is a cache (might arise if you do not handle stale data, but every cache has that problem), and can be constructed easily with the help from a persistent state store. e.g. store the UserId in a persistent store like Redis, cache the User object in your session. In case of a session failover, the new server will reconstruct the session from your persistent state store. Many developers do not like web tier state because your web tier does not allow easy failover and scaling. But when thinking the session as a cache, not a state store, no problems arise in case of taking down one web tier server.

As always there are trade offs, there is no best solution, be it web tier caching or “stateless” applications. As a developer you need to decide between the different trade offs of state storage.

About the author

Stephan Schmidt has been working with internet technologies for the last 20 years. He was head of development, consultant and CTO and is a speaker, author and blog writer. He specializes in organizing and optimizing software development helping companies by increasing productivity with lean software development and agile methodologies. Want to know more? All views are only his own. You can find him on Google +

More at

You can leave a Reply here. Of course, you should follow me on twitter here.

You can share this post!
Do you want to tell others about this article? Use the social bookmark icons to submit this artice to the service of your choice. Thanks.

24 Tweets

Comments

Stefan Schubert

April 1st, 2010

If you define it that way as you do your headline should be “stateless applications are no applications, they are … ummm … static”

Cheers :-)
Stefan

Stefan Tilkov

April 1st, 2010

IMO, in a Web app, each individual request should contain enough information to be processable independently of whether or not a previous request did or did not occur. Persistent server-side resource state is fine, client-side state is fine, transient communication (session) state isn’t because it’ll ruin scalability and bookmarkability, one way or the other.

stephan

April 1st, 2010

@Stefan: As most often – you are right

@Stefan: I beg to differ, putting to a session scoped resource like a basket, stored in a database, is just that: tansient communication/conversation state, everything are just word games.

Cheers Stephan

JeanHuguesRobert

April 2nd, 2010

It has always been strange to me that, because HTTP is not a connection oriented protocol, as a result applications should be stateless too.

It is like removing local variables from all computer languages, expecting developpers to build massive finite state machine, or, even more difficult, pushdown automaton.

Seaside put them back with the notion of modal http server. AFAIK the state is where it belongs, in the stack, in local variables.

Daniel Alexiuc

April 2nd, 2010

The server side Web tier *used* to be the ‘easiest’ place to store state, simply because there were many very popular web frameworks to enable this – written by people who really didn’t think hard enough about the problem.

It doesn’t change the fact though that it is the “worst” place to store web application state. Web application state belongs on the client, and thankfully there are now many client side frameworks that help with this.

stephan

April 2nd, 2010

@JeanHuguesRobert: Which means in a conversation state store on the server? The variables are just an abstraction for that (not that this is bad)

Itay Maman

April 2nd, 2010

I think that in general case, statlessness (as advocated by functional programming) is an illusion. When you’re absolutely stateless every cycle of interaction of the user with app (be it a web-app, a GUI app, whatever) requires:

(1) That the entire data relevant for the processing be specified as a parameter(s);

(2) That the entire output (incl. UI elements, DB records, whatever) will be returned as a result

I’m afraid that upholding these requirements is not feasible (and, alas, will not be feasible even if when our frameworks/languages evolve). You do not want to encode every tiny state of the UI as a parameter that is passed to the interaction. If encode the entire state of the app and return it as a result interaction of one user will not be seen by the next user.

stephan

April 2nd, 2010

@Itay: Yes (1) does not scale – neither for users, nor for the complexity of the code in multi-page applications

Vic

April 2nd, 2010

Look at “Fallacies of Distributed Computing” http://en.wikipedia.org/wiki/Fallacies_of_Distributed_Computing. If you do not want to have headache, try to avoid session state on server side if you have to support scalability.

stephan

April 2nd, 2010

@Vic: Contrary, if you want to scale cheap, you need to use web-tier state, scaling with the “rails-memcache-state-model” will cost you dearly in servers.

Tim Jansen

April 2nd, 2010

I don’t think that losing the state in the server is the main problem, but rather implementing it correctly. Back buttons, reloads, double clicks on links/buttons and sometimes even new tabs are all working fine in multi-page forms as long as you keep all conversational state in the form as hidden fields. But when you store things on the server, you need to deal with them (undo parts of the conversation, or even duplicate the conversational state and open a second conversation).
Are there any frameworks that handle this correctly?

stephan

April 2nd, 2010

@Tim: Depends what you want. If you want the person to have two browser see each other, key the data the user, not the session ID. If you don’t, then have seperate sessions. What the product managers wants, two conversations or one conversation in two browser windows. But going with a seperate session store (like memcache) doesn’t solve your problems magically, you still need to think what you want.

As I’ve said, keeping state as close as possible to the client is best, so a cookie or the page works fine, the page is often hard though, and often leads to ugly URLs (most people do not want that) or to a lot of POST requests (which break the back button).

Vic

April 2nd, 2010

Stephan, Why do not save session state on client side if you need cheap solution for scalability. If state is on client side you can redirect client from one node to another easily and without any consequences.

Subbu Allamaraju

April 3rd, 2010

+1 to Stefan Tilkov’s comment. There are a lot of really large-scale apps (emails, shopping carts) are running fine without doing any of the hacks you mention. Sessions do not scale. The tradeoffs shouldn’t be taken lightly.

stephan

April 3rd, 2010

@Subbu: They run all without holding any state? How is that? (which fields should be sorted, auto safe, …)

Gmail has extensive state, I guess holding it in JS variables as mentioned in the post. I don’t use other web email apps, perhaps you could point me to one without any state holding?

stephan

April 3rd, 2010

@Vic:

You: “Stephan, Why do not save session state on client side if you [...]”

To quote the article: “1. Best state store: Client (window.name hack, Javascript variables for AJAX applications Cookies)

Cheers
Stephan

April 7th, 2010

I think that Wicket is a perfect framework for holding state in the web tier. It is also possible in Wicket to make your own page store (thing that keeps state) and possible to make a Redis implementation (isn’t that already available).

PaaS, much ado about network services « Rob Hirschfeld's Blog

September 22nd, 2010

[...] an application can be written as stateless code (really “externalized state” is more a accurate description) that relies on these services for [...]

Stateful or Stateless? « IT Primer

December 8th, 2011

[...] stateless applications are an illusion. A comment to that post nails it: “stateless applications are no applications, they are … ummm [...]

What people wrote somewhere else:

codemonkeyism

April 1st, 2010

Just blogged “Stateless Applications are an Illusion http://bit.ly/dmtYO6″ #codemonkeyism