Web programming


Writing Kaya web applications

Kaya has built-in support for web application development (using the standard CGI interface). Web applications are treated as event-driven applications, where the next function call is determined by the user’s choice of link or form submission. Arbitrary state may be passed from stage to stage implementing a stateful application over the stateless HTTP connections, while strong encryption ensures that this state cannot be forged.

Kaya has two separate models of web application development: cgi and webapp.

The CGI model is designed for low-level CGI programming, rapid prototyping or testing, and small applications. However, there is no built-in support for structured HTML documents.

The webapp model is designed for larger scale web applications, and has several useful features such as form auto-filling, structured HTML generation, and easy support for web image generation via the optional Image module.

State handling

Both models use the passing of a partial function reference (closure) from page to page to handle state. The function used to generate this varies between the two models, but the principle is the same. The following example from the webapp model calls the registerUser() function with a parameter of NormalUser.

data UserType = NormalUser | Administrator;

ElementTree registerUser(UserType utype) {
    // code to register a user here

ElementTree registrationForm() {
    // more code here
    form = addLocalForm(document);
    // add form fields here
    submit = addLocalControlInput(form,"Register User",
    // more code here

The function is created in the first call to the application, and then run by the second call.


webconfig function may be used in both CGI and webapp programs. It will be called after global initialisation but before anything else, and can be used to control certain processing settings in Kaya (for example, maximum accepted POST size, the temporary directory for file uploads, and so on). Because it is run before user data is read, you cannot use anything depending on user data within it.

For more information, see the documentation for the WebCommon module.


Every kaya program contains internally a secret application key set during compiling and used for AES encryption of values. It is trivial for someone able to read the program to retrieve the secret key and forge requests, potentially allowing them to call any function in your program with any parameters. You must therefore ensure that no-one is able to read your application binary.

If you download precompiled web applications from the web, or suspect that your application secret key has been compromised, you can change the secret key without needing to recompile using the rekey program – simply do rekey webapp.cgi to make a new key. If you are packaging Kaya webapps, strongly consider making your install script call rekey itself.

More details

The tutorials in this section give additional information about various aspects of Kaya programming.


You can download ‘Powered by Kaya’ logos for use in your webapps from our Extras section.

Recent Comments

No comments to show.