#408 ✓resolved
Xavier Noria

REST and sessions

Reported by Xavier Noria | August 16th, 2010 @ 06:14 PM | in The Rails 3 Way

Chapter 3 states in a few places that sessions go against REST principles.

I am no REST expert, but I've read O'Reilly's on the subject, and have followed the rest-discuss ML for a while, where all the gurus are subscribers.

I think I am not mistaken in saying that sessions vs REST depends on the session storage.

What REST disallows is not the idea of application state in general, it is the idea of application state stored in the server. REST demands that your requests are complete. For example, you know putting an auction_id in a hidden field of a form or in its action path is fine. There is state in that request the edit action wants to pass to the update action, and you dumped it into the page, so the next request to update a bid carries all what's needed. That's RESTful.

Now, using hidden fields and such is not the only way to do this. I know they have no problem using a user_id cookie for authentication for example. Why? Because a cookie like that is part of a request. And I am pretty sure that cookie-based sessions are considered to be RESTful by the same principle. That kind of storage makes your requests self-contained requests. That's the key point.

Problem is sessions stored in the server.

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Shared Ticket Bins

People watching this ticket


Referenced by