It seems to me like cookies are regarded as something to be avoided (and undoubtedly they are usually misused), but aren't there RESTful uses of cookies...
... You're breaking REST then. One fundamental principle is that the URI identifies the resource, nothing else. Addressing and authentication are two separate...
Elliotte Rusty Harold
elharo@...
Dec 1, 2007 9:20 pm
9893
... Actually, the URI DOES identify the resource and nothing else. It's the cookie (to be used only in the XHR "personalizing" request) that handles identity...
... There's a fuzzy issue here of just what exactly constitutes a resource. There's a line beyond which sufficient client personalization has created a new...
Elliotte Rusty Harold
elharo@...
Dec 2, 2007 12:56 am
9895
... I think the potential for abuse has in some cases triggered a knee-jerk "All cookies are evil!" reaction, but yeah. As long as they don't replace things...
... But I'd suggest that it's a resource that the server need not know anything about. For one thing, it won't be of any use to anyone but this particular...
... I suspect that we will see more and more pages that are "composed" of various services accessed by a page asynchronously (usually w/ XHR) and although my ...
... Agreed to the extent that the client needs to manage those compound objects (i.e. new resources), but needing to assign them a URI, I'm not convinced. I...
if this is about how to determine the currently authenticated user while still staying close to the REST constraints, it seems trivial to create a resource that...
... This presupposes that the request to /user/current/ will run into a "hark-who-goes-there" WWW-Authenticate response, right? And that the browser's Auth...
... However, now you've created a system where users cannot pass a bookmark to someone else. JoAnn.com, a pretty major player in the sewing/craft industry,...
two things: peter: i was thinking that the /user/current/ request would *not* return a 401. this could be a public resource that returns the auth'ed user *or*...
... But in the scenario described, the original URL still works after being passed to someone else. This new user simply sees a non-personalized site and will...
... Oh yes, of course -- my mistake. The server has access to the currently logged in user (in php by way of the $_SERVER['PHP_AUTH_USER']). I had forgotten...
... There's a thread going now ("are cookies EVER restful") that seems to be settling on HTTP auth as a good alternative to cookies for remembering the logged...
... pkeane> There's a thread going now ("are cookies EVER restful") that pkeane> seems to be settling on HTTP auth as a good alternative to pkeane> cookies for...
... That's the solution I've leaned toward, other than the issue of dumb clients (e.g. browsers without JavaScript). ... Like a newsreader's newsrc file, you...
karen: without thinking through all the details it seems that, if you want to support 'dumb' (read:non-scripted) clients, you are bound to build all the state...
... Not to me. Without control of the clients, I would never mandate Javascript for a function as vital as logging out. Regards, -- Aristotle Pagaltzis //...
... I was thinking more along the lines of http auth as a better option than cookies as a way to "remember" the user across requests w/o embedding a user-id...
... pkeane> I was thinking more along the lines of http auth as a pkeane> better option than cookies as a way to "remember" the user pkeane> across requests...
... I guess I'm going to break RESTfulness in that case, because I'm not seeing a benefit to uniqueness at that point, and I *am* seeing drawbacks (inability...
Hello, I was hoping to use XHTML as a representation format for all the great reasons I read about in Richardson and Ruby's book, but I have a question: Lots...
As a point of RESTful design, you should try to avoid formats which aren't internet standards. If that's not feasible in this case, which is totally possible,...
Miles, Most of the XML tools and technologies I've worked with automatically handle escaping and unescaping. For example, if you set the content of a ...
Could you use an HTTP Link: header (http://esw.w3.org/topic/LinkHeader) to get the WADL if you have the URI of the resource? For example: Link: meta.wadl;...
... It seems to be under discussion in the IETF HTTP WG - http://lists.w3.org/Archives/Public/ietf-http-wg/2007OctDec/thread.html#msg46 Regards, - John...