>
> It is a different story when building a RESTful API. There would be no 
> rendering behavior before form submission, and normally I use stateless 
> HTTP basic auth and then purposely turn off the session feature. Unless I force 
> my API callers to do an HTTP POST first, to yet another dedicated "token" API, 
> which will issue the token and also store it into some backend storage 
> (such as a DB or central key-value service), blah blah. But this sounds not 
> "lightweight" at all.
>
You could have the client generate its own unique token with each request 
(e.g., a UUID or timestamp) and cache that on the server for some period of 
time -- if another request comes in with the same token, then ignore the 
request and return an appropriate message (perhaps indicating whether a 
previous request was successful, in case the client didn't receive the 
success message from an earlier attempt).

Anthony
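
The suggestion above, as an added example that is not part of the original message and is not web2py code: a server-side cache of client-generated tokens that runs an action once and tells a retrying client how the earlier attempt ended. The names `RequestTokenCache`, `handle` and `client_id` are hypothetical, and keying on the HTTP basic auth username so that clients cannot collide on each other's tokens is an assumption of the example.

```python
import threading
import time

class RequestTokenCache:
    """Remembers client-generated request tokens for `ttl` seconds (hypothetical helper)."""

    def __init__(self, ttl=300, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock
        self._seen = {}  # (client_id, token) -> (expiry, outcome)
        self._lock = threading.Lock()

    def _purge(self, now):
        # Forget tokens whose retention period has passed.
        for key in [k for k, (exp, _) in self._seen.items() if exp <= now]:
            del self._seen[key]

    def handle(self, client_id, token, action):
        """Run action() once per (client_id, token); report duplicates instead."""
        key = (client_id, token)
        with self._lock:
            now = self.clock()
            self._purge(now)
            if key in self._seen:
                # Same token again: do nothing, report how the first attempt ended.
                return {"duplicate": True, "previous": self._seen[key][1]}
            # Reserve the token before running, so a concurrent retry is refused.
            self._seen[key] = (now + self.ttl, "in_progress")
        try:
            result, outcome = action(), "success"
        except Exception:
            result, outcome = None, "failed"
        with self._lock:
            self._seen[key] = (self.clock() + self.ttl, outcome)
        return {"duplicate": False, "outcome": outcome, "result": result}

if __name__ == "__main__":
    import uuid
    cache = RequestTokenCache(ttl=60)
    token = str(uuid.uuid4())  # constructed sample: the client picks this per request
    print(cache.handle("alice", token, lambda: "order created"))
    print(cache.handle("alice", token, lambda: "order created"))  # retry is ignored
```

The dictionary lives in one process; with several workers the same logic needs a cache they all share.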
