Another but different about REST and sessions
I read the excellent answers to this post: "If REST applications are supposed to be stateless, how do you manage sessions?" and a few similar posts, but I still have a specific problem with RESTful apps and sessions:
In an app where a user needs to log in to perform a request only once per month: is this feasible with a RESTful app?
I ask this because saving the session state on the server is forbidden within REST technologies, but where can I save the last date the client performed the request so that I serve his request positively after checking the condition above (once per month)? Or is this not feasible at all with REST tech?
UPDATE:
I first accepted the answer below but I remember I read this:
each request from client to server must contain all of the information necessary to understand the request, and cannot take advantage of any stored context on the server.
Also from the first link, it is answered that:
The client's application state should never be stored on the server
So my question is still the same. Please help.
The state of the client is not what is at issue here but rather the credentials. Credentials are managed through Authorization schemes which typically generate a token in the form of a UUID which is passed with each request to identify the client. It is very secure if implemented on top of SSL.
The process looks like this.
The session state that "stateless" refers to is not that kind of info. It only means that the server can't store what the current state of the client is. Nothing forbids storing the last connection date on the server. You can also store it on the client using LocalStorage for instance.
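A sketch of what the two answers describe, added here as an example and not taken from the original posts: every request carries its own token, and the last accepted request date is kept on the server as ordinary resource data. The in-memory dicts, the function names, the 429 status and the calendar-month reading of "once per month" are assumptions of this sketch.

```python
import hashlib
import uuid
from datetime import datetime, timezone

# In-memory stand-ins for a database (assumption for this sketch).
TOKENS = {}        # sha256(token) -> user id
LAST_REQUEST = {}  # user id -> datetime of the last accepted request


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(user_id: str) -> str:
    """Called after a successful login; only the token's hash is stored."""
    token = str(uuid.uuid4())  # random UUID token, as the first answer describes
    TOKENS[_digest(token)] = user_id
    return token


def handle_request(headers: dict, now: datetime) -> tuple[int, str]:
    """Handle one self-contained request: the credentials travel with it."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    user_id = TOKENS.get(_digest(token)) if scheme == "Bearer" else None
    if user_id is None:
        return 401, "missing or unknown token"
    last = LAST_REQUEST.get(user_id)
    # Assumption: "once per month" means once per calendar month (UTC).
    if last is not None and (last.year, last.month) == (now.year, now.month):
        return 429, f"already served on {last.date().isoformat()}"
    LAST_REQUEST[user_id] = now  # resource data, not client session state
    return 200, "served"


if __name__ == "__main__":
    tok = issue_token("alice")  # constructed sample user
    hdr = {"Authorization": f"Bearer {tok}"}
    print(handle_request(hdr, datetime(2024, 5, 3, tzinfo=timezone.utc)))
    print(handle_request(hdr, datetime(2024, 5, 20, tzinfo=timezone.utc)))
    print(handle_request(hdr, datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

The handler needs no memory of earlier requests in a conversation: the token identifies the caller each time, and the stored date is looked up like any other record.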