Reputation: 8186
Is it good to implement REST api using Sessions?
A REST client usually send an authentication parameter every time which acts like PHP Session Id cookie in browser in a way. But REST client is no browser so I though in my server side code why not I take that authentication parameter and use
session_id($_GET('authentication_code'));
Is it good way of doing it ??
Upvotes: 2
Views: 8827
Answers (2)
Reputation: 1571
REST stands for Representation State Transfer and in it's purest form boils down to 6 constraints, one of which is that the client-server communication must be stateless, it must contain all the information needed to complete the request, no client state must be stored on the server.
The server CAN be stateful however, which is why you can store a client's auth code on the server, but it is up to the client itself to pass that code with each request, the server cannot use sessions to store the authentication code.
Upvotes: 5
Reputation: 29985
The answer is no. The S REST is for stateless which means you cannot store anything on the server.
Upvotes: 0
Related Questions
- How to make use of session in REST API
- Should I rely on sessions?
- The correct way to use sessions?
- PHP - Sessions and REST
- Is using one session secure enough?
- PHP API authentication and sessions
- Are there limitations in PHP session handling?
- How to use PHP sessions with REST client application ?
- Why not use PHP's built-in session handling?
- Why is it not good to use $_SESSION in Restful Implementations?