Security Software Conflicts with AJAX? 84
ithyus needs help with the following: "My employer is running an e-commerce site that, until recently, our customers were quite happy to use. With increased traffic to the site we decided to implement AJAX to try to reduce the load on our database servers. In doing so, our customers have experienced all kinds of problems with security/privacy software such as Norton and McAfee. It seems that no matter what we do we can't make these programs happy. Bigger companies such as Google have documented work arounds for some of them, but we wouldn't be able to keep our docs current with all the software that's presently out there. I'd really like to know how Slashdot's readers have handled these issues. Since security programs don't appear to be compatible with the emerging features of the Internet, do you simply suggest that the customer disable the offending software or do you opt to offer some support for the more popular ones? Are those really the only two options? How do you justify your method?"
Re:Eh? (Score:5, Informative)
Simple. Let's take Slashdot moderation as an example. Last time I saw it, it included a drop-down for each comment, and the ability to submit your moderation for all comments. When the form is submitted, the user-agent transmits the moderation status for each comment to the server, and reloads the entire page. This entails not only wasting bandwidth (by transmitting all comment statuses instead of only those that have been altered), but also a high cost because even if you only moderate one comment, a page with potentially hundreds of comments has to be sent back to you.
A moderation system that uses Ajax to submit comments, on the other hand, sends only one status for only one comment, and doesn't have to reload the page with hundreds of comments, because all it needs is a simple success or failure flag in return. Thus, if you moderate five comments, you might make five requests, but those requests are tiny compared with the single massive request that the non-Ajax version needs to make.
In the more general case, it may very well be that some database queries simply don't need to be made in most cases, but do in a minority of cases upon certain user interactions. In these cases, without Ajax, you are stuck performing the queries preemptively for all users, instead of only in the minority of cases where it is needed.
Thinking "more HTTP queries == worse performance" is an incredibly superficial analysis and neglects many important factors.
Re:Haven't run across this yet (Score:3, Informative)
IE only supports AJAX through activex (this is changing in version 7 but that won't be widely deployed for a while).
Re:Eh? (Score:3, Informative)
In GMail for instance, it would make sense for open sessions to not query the users mailbox each time the requestor wants a list of (new) messages, but to move to an approach where a new message being delivered to the mailbox notifies the session that there is a new message. I really see no reason that GMail should be querying for the list of messages more than once after login. The data should be brought up from the archive to a faster access medium such as a distributed memory cache, sorted, indexed, and served from there. If the dataset does not undergo any significant changes, the last copy generated is still current and can be recycled with bare minimum overhead. Changes to the data should be performed to the in-memory version and backgrounded to the real database. Unfortunately the approach of 'put it into the database when it comes in'; 'get it out of the database every time you need it' when there are no strict transactional requirements is very often an extremely poor way to code high performance web applications and there are a great many large website engines that are unfortunately coded this way. Every time I see a 'slashdotted' site that is throwing database errors yet serving essentially static content I abandon all hope. This is particularly true when the site in question is supposed to be hosting an article about how to increase server performance, implement coding best practices, optimize web applications, etc.