Another but different about REST and sessions

I read the excellent answers to this post: "If REST applications are supposed to be stateless, how do you manage sessions?" and a few similar posts, but I still have a specific problem with RESTful apps and sessions:

In an app where a user needs to log in to perform a request only once per month: is this feasible with a RESTful app?

I ask this because saving the session state on the server is forbidden within REST technologies, but where can I save the last date the client performed the request so that I serve his request positively after checking the condition above (once per month)? Or is this not feasible at all with REST tech?

UPDATE:

I first accepted the answer below but I remember I read this:

each request from client to server must contain all of the information necessary to understand the request, and cannot take advantage of any stored context on the server.

Also from the first link, it is answered that:

The client's application state should never be stored on the server

So my question is still the same. Please help.


The state of the client is not what is at issue here but rather the credentials. Credentials are managed through Authorization schemes which typically generate a token in the form of a UUID which is passed with each request to identify the client. It is very secure if implemented on top of SSL.

The process looks like this.

  • Client logs in with username+password.
  • Server validates and returns a uuid/token.
  • Client makes a REST request.
  • Server looks at the token in the request.
  • Server looks up the token and determines if the token is expired.
  • If the token is expired the server returns an HTTP authorization error (401).
  • If the token is not expired the server returns the data in a response.

  • The session state that "stateless" refers to is not that kind of info. It only means that the server can't store what the current state of the client is. Nothing forbids storing the last connection date on the server. You can also store it on the client using LocalStorage for instance.
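
The token flow and the server-side "last request date" from the two answers above, as an added sketch that is not code from either answer. Assumptions: an in-memory store, a 15-minute token lifetime, a 30-day window, status 429 for a repeat request, and a random token from `secrets` in place of the UUID the first answer mentions.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 15 * 60          # assumed token lifetime, in seconds
WINDOW = 30 * 24 * 3600      # assumed "once per month" window, in seconds

def _hash(password, salt):
    # Salted, slow password hash so the store never holds the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Api:
    """Hypothetical service: credentials, tokens and resource state live server-side."""
    def __init__(self):
        self.users = {}        # username -> (salt, password hash)
        self.tokens = {}       # token -> (username, expiry time)
        self.last_served = {}  # username -> time the request was last served

    def add_user(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash(password, salt))

    def login(self, username, password, now=None):
        now = time.time() if now is None else now
        # Unknown users still go through a hash and a constant-time compare.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(_hash(password, salt), stored):
            return 401, None
        token = secrets.token_urlsafe(32)   # unguessable, from the OS CSPRNG
        self.tokens[token] = (username, now + TOKEN_TTL)
        return 200, token

    def monthly_request(self, token, now=None):
        now = time.time() if now is None else now
        username, expires = self.tokens.get(token or "", (None, 0))
        if username is None or now >= expires:
            self.tokens.pop(token, None)    # drop expired tokens on sight
            return 401, "invalid or expired token"
        # The last-served date is data about the user's account, not
        # client application state, so keeping it on the server is fine.
        last = self.last_served.get(username)
        if last is not None and now - last < WINDOW:
            return 429, "already served this month"
        self.last_served[username] = now
        return 200, "data"
```

Every call carries the token, so the server needs no per-client conversation state; the rate limit is enforced from the account record, which a client-side copy in LocalStorage could not guarantee.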
