[Info-vax] Restful API w/JSON client package or library on OpenVMS

Arne Vajhøj arne at vajhoej.dk
Thu Mar 14 20:29:21 EDT 2024


On 3/13/2024 10:45 PM, Lawrence D'Oliveiro wrote:
> On Wed, 13 Mar 2024 22:19:39 -0400, Arne Vajhøj wrote:
>> But since RESTful web services should not use session cookies ...
> 
> Why not? It’s a valid form of authentication.

Sessions are a great idea for browsers communicating
with web applications. Session cookies may not be that
great, but they are better than the alternative URL
rewriting to support sessions.

But web services in general are different. RESTful web
services are very different. There is no general
purpose browser but a specific client application.
A RESTful service is stateless so it cannot keep a
session server side. Frequently the authorizing service
is different from the authorized service for modern web
services. Session cookies are not an option in that context.
There are plenty of alternatives. I believe that HTTP Authorization
header with "Bearer" type and JWT tokens are common.

Arne
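
The stateless "Bearer" plus JWT pattern mentioned in the message above, as an added example that is not part of the original post: an authorizing service signs the claims and a separate authorized service validates the Authorization header value with no session stored server side. The function names, the sample key and the choice of HS256 (a shared-secret signature) are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # constructed sample key, not a real secret


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(sub: str, ttl: int, now: int, key: bytes = SECRET) -> str:
    """Authorizing service: sign the claims; nothing is stored server side."""
    header = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps({"sub": sub, "exp": now + ttl}).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64e(sig)}"


def verify_bearer(authorization: str, now: int, key: bytes = SECRET) -> dict:
    """Authorized service: validate the header value using only the key."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer credential")
    try:
        header, body, sig = token.split(".")
        alg = json.loads(_b64d(header)).get("alg")
        given = _b64d(sig)
    except (ValueError, AttributeError):
        raise ValueError("malformed token")
    if alg != "HS256":  # pin the algorithm; never accept the token's own choice
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body))
    if claims.get("exp", 0) <= now:  # expiry replaces server-side session timeout
        raise ValueError("token expired")
    return claims
```

Every request carries the full credential, so any instance of the authorized service can check it; the trade-off is that a token stays valid until `exp` unless a separate revocation mechanism is added.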



