users@jersey.java.net

Re: Stateless backend and User Context

From: Paul Sandoz <Paul.Sandoz_at_oracle.com>
Date: Mon, 22 Nov 2010 13:30:53 +0100

On Nov 22, 2010, at 4:04 AM, Ken Ken wrote:

>
> Hi,
>
> I am reading up on stateless RESTful with Jersey. One of the
> architectures is to build up server-side services to be stateless.
> However, my question is how will user context be handled between
> server and client securely and effectively, as every call from the
> client will be a stateless call back to the server? Any thoughts on
> this?
>

The "stateless" constraint in REST does not mean there is no state,
otherwise one could not do very much :-)

That constraint applies to the request and response messages. To
conform to that constraint clients and servers should not assume a
request/response exchange pattern that relies on out-of-band
information (which is what session state using cookies is, or the FTP
protocol does, the client and server remember the current working
directory).

There are two forms of state in RESTful services: application state,
stored on the client, and resource state, identified by URIs, stored
on the server. Authentication information is required to be sent with
every request.

Hth,
Paul.
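
The point made in the reply above, that authentication information travels with every request rather than living in a server-side session, sketched as an added example; it is not part of the original thread and is not Jersey code. It uses only the JDK, assumes HTTP Basic credentials sent over TLS, and the class name, user, password and salt are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class StatelessAuthDemo {
    // Constructed sample data: a credential store only, no session table anywhere.
    static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);
    static final Map<String, byte[]> USERS = Map.of("ken", hash("s3cret-sample"));

    static byte[] hash(String password) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), SALT, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    // Authenticates one request using only what that request itself carries.
    static Optional<String> authenticate(Map<String, String> headers) {
        String h = headers.get("Authorization");
        if (h == null || !h.startsWith("Basic ")) return Optional.empty();
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(h.substring(6).trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // malformed Base64 is treated as unauthenticated
        }
        int colon = decoded.indexOf(':');
        if (colon < 0) return Optional.empty();
        byte[] expected = USERS.get(decoded.substring(0, colon));
        byte[] actual = hash(decoded.substring(colon + 1));
        // The hash is computed even for unknown users; the comparison is constant-time.
        boolean ok = expected != null && MessageDigest.isEqual(expected, actual);
        return ok ? Optional.of(decoded.substring(0, colon)) : Optional.empty();
    }

    public static void main(String[] args) {
        String cred = Base64.getEncoder().encodeToString("ken:s3cret-sample".getBytes(StandardCharsets.UTF_8));
        // Two independent requests: the second is rejected even though the first succeeded.
        System.out.println(authenticate(Map.of("Authorization", "Basic " + cred)).isPresent() ? 200 : 401);
        System.out.println(authenticate(Map.of()).isPresent() ? 200 : 401);
    }
}
```

Because nothing is remembered between calls, any server instance behind a load balancer can handle either request without shared session storage.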