  1. How do I create a new HttpSession in a RESTful webapp?
    <p>I have a need to create an HttpSession (via cookie) whenever a client invokes a particular UI.</p>
    <p>Assumptions:</p>
    <ul>
    <li>Let's assume that I'm not going to worry about any deep OAuth-like authentication dance. JSESSIONID cookie impersonation is not an issue for now.</li>
    <li>The server is Tomcat, thus a JSESSIONID cookie is sent down to the client if a new session is created.</li>
    </ul>
    <p>Design issues:</p>
    <ol>
    <li>I'm grappling with how to design the URI. What is actually the REST resource? I already have <strong>/users</strong> and <strong>/users/{someuserid}</strong>. I wanted to use <strong>/auth/login</strong> but in one previous SO question, one <a href="http://prescod.net/rest/mistakes/" rel="nofollow noreferrer">cited article</a> says that we should not have verbs in the URL. I've noticed that even <a href="http://code.google.com/intl/fr-FR/apis/gdata/articles/oauth.html" rel="nofollow noreferrer">Google makes the same mistake</a> by having <strong><a href="https://www.google.com/accounts/OAuthGetRequestToken" rel="nofollow noreferrer">https://www.google.com/accounts/OAuthGetRequestToken</a></strong>. So in your opinion, are <strong>/auth/login/johndoe</strong> (login) and <strong>/auth/logout/johndoe</strong> (logout) good options?</li>
    </ol>
    <p>UPDATE:</p>
    <p>I've changed my design. I'm now thinking of using the URIs <strong>/session/johndoe</strong> (<em>PUT</em> for login, <em>DELETE</em> for logout). It should still be within the limits of the REST ethos?</p>
 
