How to Manage Sessions in Restful WCF Service

2018-06-25 11:41:45

I want to manage Sessions with client apps of my Restful WCF Service. Client app can be a J2me application or a .NET application.

What is the recommended way of maintaining sessions in RESTFUL WCF service?

Idea is to recognize that the request is coming from an already authenticated client.

REST defines that the interaction is stateless, no client state is maintained on the server so you are looking to move away from a RESTful interface.

I cannot imagine a situation where you would want to maintain client state on a server that's providing WCF services. I think you need to look at your architecture as you are possibly about to cause yourself a lot of technical debt.

This question may be useful to you: Best Practices for securing a REST API / web service

I think they restful thing to do here is to send the user credentials on each request if you can do that in a way that is transparent to the user and doesn't compromise the credentials. If you can't do that, cookies for the sole purpose of maintaining client identity have become a common concession among developers of restful services. Just don't go storing anything else with the cookie.

链接地址: http://www.djcxy.com/p/71348.html

上一篇: RS访问控制

下一篇: 如何在Restful WCF服务中管理会话