Hello Stephan, thanks for your answers, more questions between lines:

On Fri, Nov 19, 2010 at 2:13 PM, Stephan Koops <stephan.ko...@web.de> wrote:
> Hi Fabian,
>> We thought about having the client send a cookie (I'm cookie-ignorant)
>> with each request, and have the resources check that cookie, which
>> would 'expire' after a given amount of time, or when the user
>> explicitly states so (there's a Logout button on our UI, which just
>> works on IE and FF for now, using a REST-based "logout" technique:
>> basically it sends bogus authentication credentials invalidating the
>> browser's cached ones). Cookies seem to be accepted as a RESTful way
>> of exchanging such "state" information.
>>
>> This, of course, poses another issue: how does the user renew the
>> cookie when the session is nearing expiration? Is this handled
>> automatically? As I've mentioned above, I'm cookie-ignorant, forgive
>> me if I ask nonsense.
> It could be renewed with every request sent to the server. This is the
> same as with sessions.

So, the cookie has to be "refreshed" (so to speak) on each request?
Should I also store cookie-user state somewhere?

>> Now, REST principles state that the server must not store any
>> application state (for example, user sessions), so this seems to
>> contradict our (commercially-motivated, agreed) needs.
> You could handle this via Servlet API. Then your Restlet application
> stays stateless, and you have your session to check.
>

So, the architecture would be like this:

Client --- Request --> Servlet API authentication "frontend" ---
Request ---> REST Stateless core

I'd have to sort of change my Guard for something using the Servlet
API? Can I integrate that into my existing Guard (I already have
guarded resources)?

> best regards
>     Stephan
>
> ------------------------------------------------------
> http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2683255
>



-- 
Fabián Mandelbaum
IS Engineer

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2683338
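
Added example, not part of the original message and not Restlet code: one way to renew a cookie on every request without storing session state on the server is to put the user and an expiry time in the cookie value and protect them with an HMAC. The class name, the `user.expiry.tag` layout and the 15-minute timeout are assumptions made for illustration.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper: cookie value is base64url(user) "." expiryEpochSeconds "." hmac.
// Nothing is stored server-side; the HMAC key is the only server secret.
public class SlidingCookie {
    private static final long TTL_SECONDS = 15 * 60; // assumed idle timeout
    private final SecretKeySpec key;

    public SlidingCookie(byte[] secret) { key = new SecretKeySpec(secret, "HmacSHA256"); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return Base64.getUrlEncoder().withoutPadding()
                     .encodeToString(mac.doFinal(payload.getBytes(UTF_8)));
    }

    // Issue a cookie value after the user has authenticated.
    public String issue(String user, long nowSeconds) throws Exception {
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(user.getBytes(UTF_8));
        String payload = id + "." + (nowSeconds + TTL_SECONDS);
        return payload + "." + sign(payload);
    }

    // Returns a fresh cookie value (sliding expiry), or null if missing, forged or expired.
    public String verifyAndRenew(String cookie, long nowSeconds) throws Exception {
        if (cookie == null) return null;
        String[] p = cookie.split("\\.", -1);
        if (p.length != 3) return null;
        String payload = p[0] + "." + p[1];
        // Constant-time comparison of the expected and presented tags.
        if (!MessageDigest.isEqual(sign(payload).getBytes(UTF_8), p[2].getBytes(UTF_8))) return null;
        // The tag is valid, so the payload was produced by issue() and parses cleanly.
        if (nowSeconds >= Long.parseLong(p[1])) return null;
        return issue(new String(Base64.getUrlDecoder().decode(p[0]), UTF_8), nowSeconds);
    }

    public static void main(String[] args) throws Exception {
        SlidingCookie sc = new SlidingCookie("constructed-demo-secret".getBytes(UTF_8));
        String c0 = sc.issue("fabian", 1000);                       // expires at 1900
        System.out.println(sc.verifyAndRenew(c0, 1500) != null);    // true: renewed to 2400
        System.out.println(sc.verifyAndRenew(c0, 2000));            // null: expired
        System.out.println(sc.verifyAndRenew(c0.replace(".1900.", ".9999999."), 1500)); // null: forged
    }
}
```

With this design a logout can only clear the cookie in the browser; rejecting a still-valid value on the server before its expiry would require storing some state, such as a revocation list.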
