
I've been reading up on the subject of session management and authentication when using REST and although there are solutions, my understanding is that REST should be stateless and so managing a session doesn't really belong in that architectural style.

If my project requires authentication (but not necessarily REST), what are my options for developing a browser-based web application?

Sotirios Delimanolis

1 Answer

I think it is general wisdom that Web Services -either REST or SOAP- should be Stateless. There are several good reasons for that in Stateful Webservice.

So I think that if your project requires Session Management, it should be in the Presentation Tier (the Web Application) and not in your Business Logic tier (your Web Services). Each Web Service should -and must- enable authentication but the Session Management should be done in your Web Container: every Web Application platform supports that, and it is the correct place where it should be done.

Carlos Gavidia-Calderon
  • I'm using Tomcat with Jersey. You don't have access to the session context as you would using servlets directly. What I mean by session management is storing different objects in the session to use them in other requests by the same client. This is custom stuff, not default behavior for determining the client by the container. – Sotirios Delimanolis Oct 12 '12 at 01:58