Search the web
Sign In
New User? Sign Up
rest-discuss · REST Discussion Mailing List
  • Members Only
  • Post
  • Files
  • Photos
  • Links
  • Database
  • Polls
  • Members
  • Calendar
  • Promote
  • Groups Labs (Beta)
? Already a member? Sign in to Yahoo!

Yahoo! Groups Tips

Did you know...
Want your group to be featured on the Yahoo! Groups website? Add a group photo to Flickr.

Best of Y! Groups

   Check them out and nominate your group.
Having problems with message search? Fill out this form to ensure your group is one of the first to be migrated to the new message search system.

Messages

   Messages Help
Message #
Search:
Advanced
REST and sessions   Message List  
Reply | Forward Message #5618 of 14029 |
Re: [rest-discuss] REST and sessions

Nic Ferrier wrote:
> Claude Montpetit <claude@...> writes:
>
>
>>Maybe this is off-track, but I think that if a server decides to support
>>sessions using cookies, I think the use of cookies should never be
>>mandatory. Writing simple clients that interact with a REST server
>>should not require the client to manage cookies.
>
>
> Why is that? Cookies are no more onerous to support then
> authentication. Both are "bolt ons".

Ultimately it is a matter of it no longer being a matter of URIs
identifying resources, authentication headers determining access rights,
content headers determining type of representation and other headers
determining what processing should be done in a well-specified manner.

It becomes a matter of URIs partially identifying resources,
authentication headers partially determining access rights content
headers partially determining type of representation and other headers
partially determining what processing should be done along with cookies
doing the Gods know what.
Tue Dec 20, 2005 11:27 am

Show Message Option
hack_poet
Offline Offline
Send Email Send Email

Forward 		Message #5618 of 14029 |
Expand Messages Author Sort by Date

... Why is that? Cookies are no more onerous to support then authentication. Both are "bolt ons". Nic...
Nic Ferrier
nferrier_tap...
Offline Send Email 		Dec 19, 2005
4:41 pm

... Ultimately it is a matter of it no longer being a matter of URIs identifying resources, authentication headers determining access rights, content headers...
Jon Hanna
hack_poet
Offline Send Email 		Dec 20, 2005
11:28 am

Going way back to one of Lyle's original questions: How would you create a real, mass-market-appeal web app using just HTTP authentication? ... Lyle points out...
Jeoff Wilks
jeoffw
Offline Send Email 		Dec 20, 2005
3:10 pm

... Funny....I never even thought about UI requirements when I read this. I was thinking in terms of "we are building an e-commerce or banking system that is...
Jan Algermissen
algermissen1971
Offline Send Email 		Dec 20, 2005
3:45 pm

For machine-to-machine communication REST seems dead-on obvious, I agree. But I think Lyle was asking more along the lines of, "I'm redesigning Bank of...
Jeoff Wilks
jeoffw
Offline Send Email 		Dec 20, 2005
3:59 pm

I still have yet to play with this: XMLHTTPRequest takes a username and password - I am pretty sure it sets the browser headers from that point on... give it a...
Christian Jensen
cjensen2k
Offline Send Email 		Dec 20, 2005
5:43 pm

... Yes, it does. Jan ... ________________________________________________________________________ _______________ Jan Algermissen, Consultant & Programmer ...
Jan Algermissen
algermissen1971
Offline Send Email 		Dec 20, 2005
6:48 pm

... Well, I'm lazy ;) I've written here and there little simple clients that use Java URLConnection and send auth headers in the request. If I must add...
Claude Montpetit
claude_montp...
Offline Send Email 		Dec 20, 2005
4:02 pm

REST does not use Session IDs - period. The entire request describes the entire transaction. The mechanism to use instead is HTTP authentication, preferably...
Christian Jensen
cjensen2k
Offline Send Email 		Dec 7, 2005
12:05 am

... What workaround for the ugly browser dialog are you using, Christian? I didn't know a clean solution existed yet. Thanks. - Lucas...
Lucas Gonze
lucas_gonze
Offline Send Email 		Dec 7, 2005
12:16 am

What server side language are you using? I might be able to provide a language specific example. ... From: rest-discuss@yahoogroups.com...
Christian Jensen
cjensen2k
Offline Send Email 		Dec 7, 2005
12:19 am

... PHP is my default. One instant payoff of having a solution is that XSS attacks couldn't grab auth info in cookies....
Lucas Gonze
lucas_gonze
Offline Send Email 		Dec 7, 2005
12:21 am

I thought I would have more time to write up an example but here is the gist of it: If you go and look at the parameters of the 'open' method of the ...
Christian Jensen
cjensen2k
Offline Send Email 		Dec 7, 2005
3:39 am

... Hmm. Does the browser then use those authentication credentials for subsequent requests? ...jsled -- http://asynchronous.org/ - `a=jsled;...
Josh Sled
joshsled
Offline Send Email 		Dec 7, 2005
5:10 pm

... AFAIK, yes, it does. You can use this to use JavaScript to alter the credentials sent for a given realm....(for whatever reasons one might want that) Jan...
Jan Algermissen
algermissen1971
Offline Send Email 		Dec 7, 2005
8:36 pm

... So this method would be called from the login page? After the user enters login info and presses the login button? ... Thanks - but how does this...
Lyle Kopnicky
qtseep
Offline Send Email 		Dec 7, 2005
6:37 pm

... I'm using Perl on the server side. -- Lyle Kopnicky Software Project Engineer Veicon Technology, Inc....
Lyle Kopnicky
qtseep
Offline Send Email 		Dec 7, 2005
12:21 am

Thanks for your response. I am still a little in the dark. ... What headers would those be? ... Sounds nice.... what exactly is it? A library? A server? A...
Lyle Kopnicky
qtseep
Offline Send Email 		Dec 17, 2005
5:10 am

... But HTTP authentication is quite limited. It requires 1 username and 1 password. Suppose I need just one piece of information, or three? Where do I put...
Lyle Kopnicky
qtseep
Offline Send Email 		Dec 17, 2005
5:13 am

Lyle, ... Of course cookies work just fine. The issue is that they break the architectural constraint of message self descriptiveness (see Roy's dissertation...
Jan Algermissen
algermissen1971
Offline Send Email 		Dec 17, 2005
11:23 am

... In what sense? ... Why would you? username/password is exactly what you need for authentication in general. ... No? Why do you think so? ... Umm...can you...
Jan Algermissen
algermissen1971
Offline Send Email 		Dec 17, 2005
11:55 am

Hi, I think many web developers (including me) when first met with REST, all sort of questions will pop up instantly, as REST breaks most of the current web...
toydi
iamstupidiot
Offline Send Email 		Dec 17, 2005
3:24 pm

... FWIW, REST does not break them, but takes them to the extreme. REST is an architectural style that specifically addresses problems in the space of...
Jan Algermissen
algermissen1971
Offline Send Email 		Dec 17, 2005
4:07 pm

... The problem is that those really aren't OO patterns at all; they're procedural antipatterns described in OO terms. Service Layer in particular (mentioned...
Justin T. Sampson
justin_t_sam...
Offline Send Email 		Dec 17, 2005
11:28 pm

... Because IT systems are to a large extend dealing with stored information (what you call dumb data) and reading and manipulating its state. That is what...
Jan Algermissen
algermissen1971
Offline Send Email 		Dec 18, 2005
10:59 am

Hi Jan, ... For what its worth, when I've discussed this with people it seems to come down to a question of side effects. * If the user's perspective is that...
Dr. Ernie Prabhakar
sandhyaprabh...
Offline Send Email 		Dec 18, 2005
8:03 pm

... RESTful systems seem to me at times to treat non-dumb data as dumb, by giving us the same view on something that is dynamically reacting to many factors...
Jon Hanna
hack_poet
Offline Send Email 		Dec 19, 2005
12:55 pm

... True, but a lot of the objections we had when cookies were introduced (the technical ones, rather than some of the concerns about privacy) are pretty much...
Jon Hanna
hack_poet
Offline Send Email 		Dec 17, 2005
6:30 pm

... The problem with cookies is that they lead to non self-descvriptive massages and thus to a non-REST architectural style. This is of course only a problem...
Jan Algermissen
algermissen1971
Offline Send Email 		Dec 17, 2005
12:02 pm
 First  |  |  Next > Last 
< Prev Topic  |  Next Topic >
Message #
Search:
Advanced
Copyright © 2009 Yahoo! Inc. All rights reserved.
Privacy Policy - Terms of Service - Guidelines - Help