users@jersey.java.net

[Jersey] Re: Maintaining Post-authentication state Vs being RESTful

From: Arthur Yeo <artyyeo_at_gmail.com>
Date: Wed, 30 Mar 2011 09:15:35 -0700

Thank you, Ryan, for the suggestion.
I guess I may be able to use the 2-legged OAuth for authentication but I am
very leery about using anything that is scantily documented these days after
spending days trying to get DIGEST Auth to work in GF based on a blog
written in 2005.
Once again, thank you.


On Tue, Mar 29, 2011 at 6:05 PM, Ryan Stewart <rds6235_at_gmail.com> wrote:

> Try something like OAuth. This looks like a good overview:
> http://wikis.sun.com/display/Jersey/OAuth. You don't have to have a
> session. Just incorporate auth info in each request. With a human user
> interacting with a webapp, that's just too burdensome, but since it will
> typically be machines interacting with an API, authenticating each request
> isn't a problem and is very secure.
>
>
> On Tue, Mar 29, 2011 at 7:31 PM, Arthur Yeo <artyyeo_at_gmail.com> wrote:
>
>> Hi All,
>>
>> After a user gets authenticated, what do you recommend to handle the
>> concept of a session without breaking the RESTful paradigm?
>> It seems like all post-login requests to the server need to include some
>> kind of nonce or token to identify the "session" so to speak.
>> If that's so, the server needs to understand and store that token to
>> validate it for every incoming request.
>> Wouldn't that break the RESTful paradigm since the server is now storing
>> application state?
>>
>> --
>> Arthur Y.
>>
>
>


-- 
Arthur Y.
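One way to do what Ryan describes, authenticating every request without the server-side session store Arthur is worried about, as an added example that is not from this thread and not Jersey's own code: a signed, self-contained token. The server keeps only its signing key; the user and expiry travel inside the token, so checking a request needs no lookup of stored state. The key, the claim names and the `handle_request` stand-in for a resource method are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed secret for the example; a real server loads it from a key store.
SERVER_KEY = b"example-signing-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user: str, now: float, ttl_seconds: int = 3600) -> str:
    """Issued once at login. Everything needed to validate it later is inside it."""
    claims = {"sub": user, "exp": int(now) + ttl_seconds}
    payload = json.dumps(claims, separators=(",", ":")).encode()
    sig = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def verify_token(token: str, now: float):
    """Run on every request. Returns the user, or None; consults no session table."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
        # Constant-time compare: a forged or edited payload fails here.
        if not hmac.compare_digest(expected, _unb64(sig_b64)):
            return None
        claims = json.loads(payload)
    except ValueError:  # bad split, bad base64, or bad JSON
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


def handle_request(headers: dict, now: float) -> tuple:
    """Stand-in for a resource method: 401 unless the bearer token checks out."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return (401, "missing token")
    user = verify_token(auth[len("Bearer "):], now)
    if user is None:
        return (401, "invalid or expired token")
    return (200, "hello " + user)
```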