As captioned, is it possible to achieve this without using a cookie or session, and without involving any JavaScript as well?
-
See: [cookies vs local/web storage](http://stackoverflow.com/a/3220802/304683) – EdSF Jan 11 '17 at 16:20
1 Answer
2
No, this is not possible without involving some persistence on the client that is going to make the subsequent requests. There's no such notion in the HTTP protocol (other than a cookie) that would indicate to the client to include some header on subsequent requests automatically. So basically, if you don't like cookies, you might find another place to store the access token on the client - the local storage in the browser seems like a good place - and include it in subsequent requests that a JavaScript client would make. Of course, if your clients are not JavaScript, then they will have to find an appropriate place to store the access token.

Darin Dimitrov
-
Thanks a lot! I had googled over and over again and no expected results were found. Based on your answer, I believe that a cookie is the best choice for me currently. Do you have any comment about using a cookie for the token? – William X Jan 11 '17 at 15:59
-
Personally I would prefer using the local storage of the browser. It avoids increasing the request payloads by this extra cookie by doubling its contents in both a Cookie and Authorization header. By storing it in the local storage of the browser, it will not transit as an additional header, only as an Authorization header that you would include with your requests. – Darin Dimitrov Jan 11 '17 at 16:01
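
As an added example (not code from the original thread), the pattern described in the answer: keep the access token in browser storage and attach it as an Authorization header on each request, since nothing is sent automatically. The key name `access_token`, the `Bearer` scheme, the function names and the `api.example.test` origin are assumptions; `memoryStorage` is a constructed stand-in for `window.localStorage`.

```javascript
// Added example; TOKEN_KEY, memoryStorage and createApiClient are hypothetical names.
const TOKEN_KEY = "access_token";

// Constructed stand-in for window.localStorage so the example runs outside a browser.
function memoryStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => void items.set(k, String(v)),
    removeItem: (k) => void items.delete(k),
  };
}

// apiOrigin is an origin string without a trailing slash, e.g. "https://api.example.test".
function createApiClient({ apiOrigin, storage, fetchImpl }) {
  // Build the request options. The token is attached only when the target
  // resolves to the API's own origin, so it is not sent to other hosts.
  function authorize(url, init = {}) {
    const headers = { ...(init.headers || {}) };
    const token = storage.getItem(TOKEN_KEY);
    if (token && new URL(url, apiOrigin).origin === apiOrigin) {
      headers["Authorization"] = `Bearer ${token}`; // Bearer scheme is an assumption
    }
    return { ...init, headers };
  }
  return {
    // Call after login with the token the server issued.
    saveToken: (token) => storage.setItem(TOKEN_KEY, token),
    authorize,
    // Every request must go through this wrapper to carry the token.
    async request(url, init) {
      const res = await fetchImpl(new URL(url, apiOrigin).href, authorize(url, init));
      if (res.status === 401) storage.removeItem(TOKEN_KEY); // rejected or expired token
      return res;
    },
  };
}
```

In a browser, pass `window.localStorage` as `storage` and `fetch.bind(window)` as `fetchImpl`; a token kept there is readable by any script running on the page's origin.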