I think what we want is #1. #2 is not efficient IMO. And most publicly available REST APIs use this approach.
On Mon, Feb 10, 2014 at 5:59 PM, Isuru Haththotuwa <[email protected]> wrote: > > > > On Mon, Feb 10, 2014 at 5:49 PM, Isuru Perera <[email protected]> wrote: > >> Hi, >> >> The back end has secured REST endpoints. The CLI is keeping the >> authentication details in the memory. AFAIK, the CLI passes the >> authentication details for each request. >> >> I'm not sure about the recent changes for the CLI. >> >> 1. If the CLI user is authenticated only once, the back end should >> maintain a session and clear the session after a certain idle time. >> 2. If the CLI user is authenticated for every request, the CLI may >> implement a timeout. >> >> So, I think #2 should be the solution, if there is a real need for a >> session timeout. >> > +1. This is the correct fix in my opinion as well. Rest API should not be > keeping any state. AFAIK usually all details required should be passed to > the Rest API in each invocation. > >> >> Thanks! >> >> On Mon, Feb 10, 2014 at 4:43 PM, Pradeep Fernando <[email protected]>wrote: >> >>> Hi Manula, >>> >>> CLI is a client side thing. If there are session thing that should be >>> handle at the backend right. (?) >>> >>> >>> On Mon, Feb 10, 2014 at 2:20 PM, Manula Chathurika Thantriwatte < >>> [email protected]> wrote: >>> >>>> Hi All, >>>> >>>> Is it necessary to have $subject, because we are using REST in CLI. So >>>> do we need automatically sign out after some idea timeout of the CLI ? >>>> >>>> >>>> -- >>>> Regards, >>>> Manula Chathurika Thantriwatte >>>> Software Engineer >>>> WSO2 Inc. : http://wso2.com >>>> lean . enterprise . middleware >>>> >>>> email : [email protected] / [email protected] >>>> phone : +94 772492511 >>>> blog : http://manulachathurika.blogspot.com/ >>>> >>>> >>>> >>>> >>> >>> >>> -- >>> Pradeep Fernando. >>> http://pradeepfernando.blogspot.com/ >>> >> >> >> >> -- >> Isuru Perera >> Senior Software Engineer | WSO2, Inc. | http://wso2.com/ >> Lean . Enterprise . Middleware >> >> about.me/chrishantha >> > > > > -- > Thanks and Regards, > > Isuru H. > +94 716 358 048* <http://wso2.com/>* > > > -- Best Regards, Nirmal Nirmal Fernando. PPMC Member & Committer of Apache Stratos, Senior Software Engineer, WSO2 Inc. Blog: http://nirmalfdo.blogspot.com/
