REST, sessions, authentication

brasse · November 24, 2006, 1:40pm

Hello!

I have been trying to read up on this REST stuff that everyone is talking about. It all seems very nice, but I can't seem to handle user sessions and still have pretty URLs. Perhaps someone here has a solution.

As far as I can see, rails sessions breaks REST since the session the cookie refers to state located on the server. Another way to handle sessions would be to make them a resource and then refer to a session in the URL. Something like:

http://host/controller/action?session=xyz

This is in my opinion not as nice as the same URL with no session id suffix. My main gripe with session ids in the URL is that the URL isn't bookmarkable in the same way as a URL without a session id. It might also be confusing for the end user if he wants to share an URL with a friend. Come to think of it, it might also be a security hole if a user decides to share an URL with a friend.

What is this group's take on REST and sessions? I have just recently started to read about REST so I might have missed something important. In that case maybe someone here can point me to some right direction.

Regards, Mattias

Duplex · November 24, 2006, 1:52pm

As far as i know (and admittedly i dont know THAT much) Cookie information is sent in the header of a browser request alongside with POST, GET etc ... so i dont see an reason REST should break sessions? I have to say i didnt rellay work with REST though.

Got any links to read up on this? Never heard about this issue ...

brasse · November 24, 2006, 2:24pm

I found this link: Yahoo | Mail, Weather, Search, Politics, News, Finance, Sports & Videos in the REST FAQ: http://rest.blueoxen.net/cgi-bin/wiki.pl?RestFaq

:.:: mattias

brasse · November 27, 2006, 10:34am

Alan Francis wrote:

Rick's restful_authentication plugin makes uses and sessions into resources.

login => session/create logout => session/destroy signup => user/new

http://www.agilewebdevelopment.com/plugins/restful_authentication

Can anyone tell me what a URL would look like using this plugin? How is the session resource specified when using a controller other than the session controller?

:.:: brasse

Topic		Replies	Views
REST and special URLs rubyonrails-talk	1	102	May 27, 2007
Anyone using Restful_Authentication or could tell me ? rubyonrails-talk	5	127	September 23, 2006
restful authentication - session_path rubyonrails-talk	2	261	August 24, 2007
REST vs. legacy stuff with state in session? rubyonrails-talk	0	141	December 5, 2007
RE: [Rails] Re: Sessions without cookies?? rubyonrails-talk	1	169	September 30, 2006

REST, sessions, authentication

Related topics

More Resources