users@jersey.java.net

[Jersey] Maintaining Post-authentication state Vs being RESTful

From: Arthur Yeo <artyyeo_at_gmail.com>
Date: Tue, 29 Mar 2011 17:31:04 -0700

Hi All,

After a user gets authenticated, what do you recommend to handle the concept
of a session without breaking the RESTful paradigm?
It seems like all post-login requests to the server need to include some
kind of nonce or token to identify the "session" so to speak.
If that's so, the server needs to understand and store that token to
validate it for every incoming request.
Wouldn't that break the RESTful paradigm since the server is now storing
application state?

-- 
Arthur Y.