3

I'm using Connect + ExpressJs.

I'm confused about the point of sessions and session management while writing a RESTful API. Can anyone explain to me the point of session management here?

Edit:

Was going through this example on ExpressJs which does indulge in sessions:

https://github.com/visionmedia/express/blob/master/examples/auth/app.js

And thus was confused about the usage of sessions if I'm doing an OAuth 2.0 API.

Hick
  • Could you provide some specific code that you're referencing? It's hard to know what you're trying to do without any background whatsoever – Swift Jun 07 '13 at 07:59
  • I'm writing an API that is authenticated by OAuth 2.0, an API that will be used by mobile apps. I do intend to write a web app, too. I was confused about the usage of sessions as I was already using an authenticating mechanism. – Hick Jun 07 '13 at 08:03
  • So if you look at that example, it's not actually using the session for the API. It's used to log in the user and to display flash messages – Swift Jun 07 '13 at 08:28

1 Answer

4

You don't need session management when you're writing a RESTful API unless you plan on doing something that would need to authenticate the user across multiple requests. For example, maybe you want a user with a cookie to not need to use an API token or you want to cut back on database requests by using cookies.

Most REST services just look up a user using some kind of API key or token though, so no sessions are necessary.

These questions might be helpful:

Swift
  • Yes, in fact that was where I was confused as to the point of sessions if most transactions will be API based. Though, I presume, I've to do session management once it becomes a web app. – Hick Jun 07 '13 at 08:00
  • A better example of when it might be good to use sessions might be for a client-side JavaScript app. You don't want to store the API key on the client, so you authenticate with a cookie and they can consume that API without it. – Swift Jun 07 '13 at 08:10
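
The split discussed in this thread, as an added example that is not code from the question, the answer, or the Express project: one Connect-style middleware that accepts either a per-request bearer token (mobile clients) or a signed session cookie (browser app). It uses only Node core modules; the token value, the `sid` cookie name, and the in-memory stores are constructed assumptions.

```javascript
const crypto = require('crypto');

// Constructed sample data (assumptions for this example only).
const SECRET = crypto.randomBytes(32);                      // cookie-signing key
const API_TOKENS = new Map([['tok_mobile_123', 'alice']]);  // token -> user
const SESSIONS = new Map();                                 // session id -> user

const sign = (sid) =>
  crypto.createHmac('sha256', SECRET).update(sid).digest('hex');

// Called once after a web login; returns the value for the "sid" cookie.
function createSession(user) {
  const sid = crypto.randomBytes(16).toString('hex');
  SESSIONS.set(sid, user);
  return `${sid}.${sign(sid)}`;
}

// Stateful path: the browser sends only an opaque, signed session id.
function userFromCookie(cookieHeader = '') {
  const m = /(?:^|;\s*)sid=([0-9a-f]+)\.([0-9a-f]{64})(?:;|$)/.exec(cookieHeader);
  if (!m) return null;
  const expected = Buffer.from(sign(m[1]), 'hex');
  const given = Buffer.from(m[2], 'hex');       // both 32 bytes by construction
  if (!crypto.timingSafeEqual(expected, given)) return null;
  return SESSIONS.get(m[1]) || null;
}

// Stateless path: every request carries the credential; no session is kept.
function userFromBearer(authHeader = '') {
  const m = /^Bearer (\S+)$/.exec(authHeader);
  return m ? API_TOKENS.get(m[1]) || null : null;
}

// Connect/Express middleware signature: (req, res, next).
function authenticate(req, res, next) {
  req.user = userFromBearer(req.headers.authorization) ||
             userFromCookie(req.headers.cookie);
  if (req.user) return next();
  res.statusCode = 401;
  res.end('unauthorized');
}
```

Routes reached through the cookie path are called automatically by the browser, so they need CSRF protection and the cookie should be set `HttpOnly; Secure`; the bearer path does not have that exposure because the client attaches the header explicitly.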