Every auth system I have seen for Ember has been token based. Is there a good reason why this is being done instead of relying upon server-side sessions? Considering that ajax is just regular HTTP requests I am failing to see the downside to server-side sessions to maintain authentication state.
Asked
Active
Viewed 2,256 times
2 Answers
4
Ember.js uses REST to communicate to the server. REST requires the server to be stateless. Token authentication does not require the server to have state, while server-side sessions do.
EDIT: here's an elaborate response on using sessions with REST: https://stackoverflow.com/a/6068298/1765925
Community
- 1
- 1
Teddy Zeenny
- 3,971
- 1
- 17
- 20
-
That's not entirely true. Only ember-data uses REST and that is only specific to the REST Adapter in ember-data. – bcardarella Mar 16 '13 at 18:35
-
To clarify: A lot (if not the majority) of client side apps are using REST to communicate to the server. This includes, but is not specific, to Ember.js. Even people who are not using ember-data also can use their own REST implementation, I've also seen custom ember-data adapters that use REST. My point being, token auth goes well with REST, so it could be the reason why you're seeing it instead of server-side sessions. – Teddy Zeenny Mar 16 '13 at 18:46
