WebAPI REST... is it best practice to avoid SESSION?


I am creating my first WebAPI project using ExtJS on the client side, and I'm trying to understand login procedures. I'm trying to understand how session is used; if I use REST, session should not be part of it.

"REST by design is stateless. By adding session (or anything else of that kind) you are making it stateful and defeating the purpose of having a RESTful API. The whole idea of a RESTful service is that every resource is uniquely addressable using a universal syntax for use in hypermedia links, and each HTTP request should carry enough information for its recipient to process it, in complete harmony with the stateless nature of HTTP".

I'm a bit confused about session... Normally, when a user logs in, is a session ID recorded somewhere on the server? Then, when the user makes a request, the URL sends the session ID to the server, and if the ID is valid, the server proceeds with the request. Do I have that right?

On the other hand, with REST the request message sends the username/password every time a request is sent.

Do I have that right? Using REST on WebAPI, can I skip the whole concept of session and keep sending username/password... or is there a better way?

Can I skip the whole concept of session and keep sending username/password... or is there a better way?

Yes, Web API has token-based authorization: the bearer token. Using it, you can totally avoid using session state.

Secure a Web API with Individual Accounts and Local Login in ASP.NET Web API 2.2

In a nutshell, when a user is authenticated, the server issues a token instead of session state. On every request, the user sends the same token along with the payload.
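
The token flow described in the answer above, as an added example that is not part of the original answer and is not ASP.NET's own token format: a simplified HMAC-signed bearer token that the server can verify on each request without keeping any session table. The names `issueToken`, `authenticate` and `SERVER_KEY` are hypothetical, and the key is a constructed demo value.

```javascript
// Added illustration: minimal stateless bearer token (HMAC-SHA256 signed).
// Not the token format ASP.NET Web API issues; all names here are hypothetical.
const crypto = require('node:crypto');

// Constructed demo key; a real server loads its key from protected configuration.
const SERVER_KEY = Buffer.from('constructed-demo-key-do-not-reuse');

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (body) => crypto.createHmac('sha256', SERVER_KEY).update(body).digest();

// Called once, after the username/password check at the login endpoint succeeded.
function issueToken(username, ttlSeconds, now = Date.now()) {
  const claims = { sub: username, exp: Math.floor(now / 1000) + ttlSeconds };
  const body = b64url(JSON.stringify(claims));
  return `${body}.${b64url(sign(body))}`;
}

// Called on every API request. No server-side lookup happens: the request's
// Authorization header carries everything needed to decide who is calling.
function authenticate(authorizationHeader, now = Date.now()) {
  const m = /^Bearer ([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)$/.exec(authorizationHeader || '');
  if (!m) return { ok: false, reason: 'missing or malformed bearer token' };
  const [, body, mac] = m;
  const expected = sign(body);
  const given = Buffer.from(mac, 'base64url');
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  // Claims are parsed only after the signature over them has been verified.
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (claims.exp <= Math.floor(now / 1000)) return { ok: false, reason: 'expired' };
  return { ok: true, user: claims.sub };
}
```

Because possession of the token alone grants access, the password is sent only once at login and the token travels over HTTPS on every later request; in this sketch the expiry time is the only way a token stops being valid.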

