Vidar Ramdal wrote: > On Thu, Jan 28, 2010 at 9:17 AM, Carsten Ziegeler <[email protected]> > wrote: > >> I think the new authentication bundle is a great step forward. However >> :) I think we should enhance it a little bit to support cookie/session >> based authentication. >> [...] >> WDYT? > > Two questions immediately comes to mind when considering user sessions: > 1. Is it really RESTful? > 2. How do we handle sessions in clustered environment? Ok, I guess sessions are not restful :) and maybe I shouldn't have mentioned session in my RT at all :) Therefore I think we should not care about sessions. However if you want to use sessions, app servers usually provide replication mechanisms for a clustered environment or you use sticky sessions.
Nevertheless, the cookie contains some kind if id which identifies the user - so this can be compared to a session id. If you want to use such ids with cookies you have to replicate them in a clustered environment or again use sticky "sessions". These ids can easily be replicated by storing them in the repository. Carsten -- Carsten Ziegeler [email protected]
