Answer the question
In order to leave comments, you need to log in
Maintaining a client session in REST services?
There is a need to write a small REST service that must maintain a session with the client. As you know, according to the principles of REST, we cannot store information about the state of the client on the server, everything is stored on it, and the request must be self-sufficient. So… how to store the session? Googling, I found a couple of ways: for example, you can try to send a token encrypted on the server with the user's id (nickname) to the client, something like: token = AES(id, sacredKey); And then authenticate each request by sending a token through the header (cookies), decrypting it on the server and getting the user id. Has anyone experienced this and can offer some advice? Pros, cons? Any other way or which algorithm is better to use? Thank you.
Answer the question
In order to leave comments, you need to log in
Why invent something?
Pass session_id in the query string and that's it.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question