piddl0r

Reputation: 2449

REST Authentication statlessness

I don't think 'statlessness' is a word but it will do :)

I'm attempting to create authentication for a REST service (PHP). I'm trying to make the service as stateless as possible. I read here (tip #4) that you shouldn't use $_SESSION, which makes sense, but it suggests using cookies as an alternative. I may have misunderstood what 'stateless' is, but I can't see how a cookie is acceptable; I figured tokens were the way to go.

Can anyone explain how a cookie would be acceptable in a stateless REST application and a session not?

Upvotes: 0

Views: 382

Answers (1)

Peter

Reputation: 3956

$_SESSION is on the server, but cookies are persisted on the client and are attached to every request. So if you have multiple servers for your application a persisted state in a cookie still works, but not a persisted state in $_SESSION.

In conclusion: the server side must be stateless, but cookies are part of every request and are therefore no "magic" state. The idea is that every equal request produces the same result.

Upvotes: 6
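The distinction the answer draws can be made concrete in code. The following is an added example, not code from the question or the answer: a PHP REST endpoint that authenticates each request from a self-contained, HMAC-signed token carried either in an Authorization header or in a cookie. The server stores nothing per client, so any server that holds the same key can verify the token, which is exactly why a cookie (or bearer token) keeps the service stateless while $_SESSION does not. The constant names, the payload fields and the `auth` cookie name are assumptions made for the example.

```php
<?php
// Added example (not from the question or answer): stateless authentication
// for a PHP REST service. Everything the server needs (who the client is and
// when the token expires) travels inside the token, protected by an HMAC, so
// no $_SESSION entry is written and any server with the same key can verify it.
// SECRET_KEY, TOKEN_TTL, the payload fields and the cookie name are assumptions.

const SECRET_KEY = 'replace-with-a-long-random-secret'; // placeholder; load from config, not source
const TOKEN_TTL  = 3600;                                 // seconds a token stays valid

function base64url_encode(string $data): string
{
    return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}

/** Strict decode: returns false on any character outside the alphabet. */
function base64url_decode(string $data)
{
    return base64_decode(strtr($data, '-_', '+/'), true);
}

/** Issue a token for an already-authenticated user. Nothing is stored server-side. */
function issue_token(int $userId, ?int $now = null): string
{
    $now ??= time();
    $payload = json_encode(['sub' => $userId, 'iat' => $now, 'exp' => $now + TOKEN_TTL]);
    $encoded = base64url_encode($payload);
    $mac     = hash_hmac('sha256', $encoded, SECRET_KEY, true);
    return $encoded . '.' . base64url_encode($mac);
}

/** Verify a token. Returns the payload array, or null on any failure. */
function verify_token(string $token, ?int $now = null): ?array
{
    $now ??= time();
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$encoded, $macB64] = $parts;
    $given = base64url_decode($macB64);
    if ($given === false) {
        return null;
    }
    $expected = hash_hmac('sha256', $encoded, SECRET_KEY, true);
    // Constant-time comparison so the MAC check does not leak timing information.
    if (!hash_equals($expected, $given)) {
        return null;
    }
    $raw = base64url_decode($encoded);
    $payload = $raw === false ? null : json_decode($raw, true);
    if (!is_array($payload) || !isset($payload['sub'], $payload['exp'])) {
        return null;
    }
    if (!is_int($payload['exp']) || $payload['exp'] < $now) {
        return null; // expired; the client must authenticate again
    }
    return $payload;
}

/** Extract the token from a Bearer header or from a cookie; both arrive with every request. */
function token_from_request(array $headers, array $cookies): ?string
{
    if (isset($headers['Authorization'])
        && preg_match('/^Bearer\s+(\S+)$/', $headers['Authorization'], $m)) {
        return $m[1];
    }
    return $cookies['auth'] ?? null;
}

/** Resolve the authenticated user id for a request, or null if it is not authenticated. */
function authenticate(array $headers, array $cookies, ?int $now = null): ?int
{
    $token = token_from_request($headers, $cookies);
    if ($token === null) {
        return null;
    }
    $payload = verify_token($token, $now);
    return $payload === null ? null : (int) $payload['sub'];
}

// Demo on constructed input: the same token is accepted from the header and from
// the cookie, a tampered token is rejected, and an old token is rejected once expired.
$token = issue_token(42);
var_dump(authenticate(['Authorization' => "Bearer $token"], []));
var_dump(authenticate([], ['auth' => $token]));
var_dump(authenticate([], ['auth' => $token . 'x']));
var_dump(authenticate([], ['auth' => $token], time() + TOKEN_TTL + 1));
```

The first two calls resolve to the user id, the last two to null. When the token is delivered as a cookie, set it with the HttpOnly, Secure and SameSite attributes so that scripts cannot read it and it is not attached to cross-site requests; that does not change the stateless property, since the server still keeps nothing between requests.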
