Home/ Questions/Q 6715155
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T08:34:51+00:00

I’m developing small REST service which should support client session persistence. As you know

  • 0

I’m developing small REST service which should support client session persistence. As you know because of REST we can’t store any client data on the server, data must be stored on client side and client’s request must be self-sufficient. So…how we can store client sessions? Searching over the internet I’ve found some methods how to realize this. For example: we send to the client encrypted token which contains client’s id(nick…etc), like token = AES(id, secretKey); and then we’re authorize user every request decrypting token on the server with secret key. Can anyone advise anything? Maybe there is another good ways to do same functionality. Which crypto algorithm will be preferable for this? Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You mentioned:

    As you know because of REST we can’t store any client data on the
    server, data must be stored on client side and client’s request must
    be self-sufficient.

    REST doesn’t say you can’t store client data on the server; it just says you shouldn’t store application state there, which you can think of as “what this client is in the middle of trying to do”.

    If you are primarily trying to just have a concept of authenticated users, then a standard login cookie will work just fine and is not “unRESTful”.

    • 0