Handling dynamic requests, server side ====================================== need to keep in mind: server can handle many requests in parallel (concurrency) easy, because HTTP is stateless CGI new process for each request does not affect web server if it crashes other ways to extend Web server: FastCGI WSGI mod_python, embed interpreter in web server Implement in Apache (in C language) Separate server, use reverse proxy -> web server in Python advantange: no need to start separate process for each request disadvantage: not always have process separation (if handler crashes, Apache goes down as well...) CGI review Apache new request create new process, pass environment --- STDIN ---> CGI process | <-- STDOUT --------+ FastCGI overview https://fastcgi-archives.github.io/ Apache start FASTCGI process(es), setup Unix domain socket (named pipe) <--- binary protocol ----> FastCGI process <--- binary protocol ----> FastCGI process <--- binary protocol ----> FastCGI process new request, pass data to running FastCGI process --- data ----> FastCGI process | <-- data -----------+ --- data ----> FastCGI process | <-- data -----------+ Client-side programming ======================= Server-side can be done in any language, but browser dictates client-side programming * JavaScript (JS) Brendan Eich, Netscape, circa 1995 Java != JavaScript JavaScript is a scripting language (JIT), dynamically typed, OO, ... Java is a compiled language, statically typed, ... ECMAScript specification browser wars, around 2000: Microsoft/Internet Explorer vs. Netscape, Mozilla, Firefox, later Chrome AJAX .. allow to load data from a server in the background Node.js .. web server (in Javascript) Macro language, embedded in applications * WebAssembly Javascript is source code, can be minified, but still large and resourceful to parse WebAssembly is a binary format, object code; easier to parse and JIT runs in the same JavaScript sandbox * Java applets (a thing of the past) * Browser extension: Macromedia Flash, ActiveX (a thing of the past, thanks Apple / Iphone) Sandbox A browser allows to run foreign code on own device, problematic! e.g. cryptominer, send local files, etc. Security mechanism to separate running programs in browser: - separate browser tab from other tabs - separate JavaScript running in browser from host system similar idea: virtual machine/PC Policies what is allowed and what not; e.g. same-origin policy https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy Graceful degradation https://caniuse.com Graceful degradation .. allmähliche Funktionsminderung Also if the presentation device has limitations, a web site / application should work, at least to some extent. Examples: without Javascript, without Cookies, without colors, without graphics (text only), without latest HTML feature, without latest CSS feature it is OK to make a website more beautiful, more intuative, quicker to operate, etc. using latest technology, but it should still be accessible and provide basic service without.