RESTful API
ttyigor, 2016-01-12 09:02:30

Are session-based web applications RESTful?

Inspired by one of the many articles on this topic, for example habrahabr.ru/company/1cloud/blog/274881.
If, after a user logs in, an entry is created on the server in the session table, and the session id is passed in the cookie with each request, is such an application RESTful? As I understand it, no, because it violates the stateless principle.
For an application to be RESTful, it needs to be authenticated on every request. Please give examples of how this can be implemented. Does it make sense to bother?


2 answer(s)
vsuhachev, 2016-01-12
@vsuhachev

Usually, authentication does not occur with each request. The token received during authentication is sent. How you send it is a secondary matter; you can also use cookies, but it is much more efficient to send it in the headers of the same request.
A stateless violation is when 200 is returned at the user/1 URL and the data is different depending on whether the user is logged in or not.
If user/1 returns 401 in the unauthenticated state, and in the authenticated state everything is OK no matter who is logged in, this is stateless.
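
An added example, not part of the answer above, showing one way to do what it describes: a token issued once at login and checked on every request from the `Authorization` header, with no session table. The HMAC-signed token format, the key, the sample user and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"          # assumption: server-side signing key
USERS = {1: {"id": 1, "name": "alice"}}   # constructed sample data

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def _sign(payload):
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue_token(user_id, ttl=900, now=None):
    """Called once at login: the claims travel in the token, not in a session table."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "exp": int(now) + ttl}
    payload = _b64(json.dumps(claims).encode())
    return payload + "." + _sign(payload)

def verify_token(token, now=None):
    """Return the claims if the signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        # Constant-time comparison of the presented and recomputed signatures.
        if not hmac.compare_digest(sig, _sign(payload)):
            return None
        raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
        claims = json.loads(raw)
        return claims if claims["exp"] > now else None
    except (ValueError, KeyError, TypeError):
        return None  # malformed token: treat as unauthenticated

def handle_get_user(user_id, headers, now=None):
    """GET /user/<id>: the request itself carries everything needed to decide."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or verify_token(token, now) is None:
        return 401, None  # no valid token: 401, never a different 200 body
    user = USERS.get(user_id)
    # Same representation of user/1 whoever is logged in.
    return (200, user) if user else (404, None)
```

Because nothing is stored per login, a token stays valid until its `exp`; revoking one earlier needs some server-side state such as a deny list.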

Peter, 2016-01-12
@petermzg

Here is the answer to your question in the comments.
