REST身份验证无状态

I don't think 'statlessness' is a word but it will do :)

I'm attempting to create authentication for a REST service (PHP). I'm trying to make the service as stateless as possible. I read here(tip #4) that you shouldn't use $_SESSION which makes sense but it suggests using cookies as an alternative. I may have misunderstood what 'stateless' is but I can't see how a cookie is acceptable, I figured tokens was the way to go.

Can anyone explain how a cookie would acceptable in a stateless rest application and a session not?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
doutu7123 2011-09-07 10:49
关注
$_SESSION is on the server, but cookies are persisted on the client and are attached to every request. So if you have multiple servers for your application a persisted state in a cookie still works, but not a persisted state in $_SESSION.

In conclusion: the server side must be stateless, but cookies are part of every request and therefore no "magic" state. The idea is that every equal request produces the same result.

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

REST身份验证无状态 php
2011-09-07 10:44

回答 1 已采纳 $_SESSION is on the server, but cookies are persisted on the client and are attached to every requ
D＆B API版本2，使用PHP进行REST身份验证 php
2014-07-01 12:36

回答 1 已采纳 <?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'https://maxcvservices.dnb.com/
cakephp rest api和身份验证 php
2014-06-13 08:59

回答 1 已采纳 Basic is stateless authentication and doesn't need a login action. The credentials are passed and
php resf验证,REST API上的用户注册/身份验证流程
2021-04-24 15:22

天眞無鞋的博客我知道这不是第一次在...我不想评论这个问题中的所有几种身份验证方法,因为该主题已经在SO中完全覆盖.我将基本上为每个用户创建一个令牌,并且这个令牌将被附加在需要SPA验证的每个请求中.所有SPA-Server事务...
PHP REST API - 验证 php
2014-03-26 09:14

回答 1 已采纳 Oh, I just see the badge "no view and no answer for a long time" and it bring me back here. I've f
PHP中的REST身份验证（CodeIgniter） php
2010-05-09 07:30

回答 2 已采纳 I have written up a REST Controller to make your REST applications easier to build. You can read a
没有登录页面的Wordpress REST API身份验证 javascript php
2013-12-11 17:07

回答 1 已采纳 Have you tried the JSON API module? Here is the full documentation.
WP REST API：设置和使用基本身份验证
2020-06-10 16:54

cunjie3951的博客在本系列的入门部分中，我们对REST体系结构及其如何帮助我们创建更好的应用程序进行了快速复习。然后，我们探索了WordPress中REST... 在本系列的当前部分中，我们将在服务器上设置基本身份验证协议，以发送经过身份...
如何使用基本身份验证在php中授权rest api php
2016-02-26 14:24

回答 1 已采纳 Easiest thing is to use an existing Basic Auth middleware. With this middleware you can do somethi
WP REST API不需要在POST上进行身份验证 php
2017-11-02 16:44

回答 1 已采纳 You should use the permission_callback argument to authenticate the user. add_action( 'rest_api_i
使用REST API进行Docusign实时帐户身份验证无效 php
2014-05-29 18:39

回答 1 已采纳 Have you completed the DocuSign API Certification process yet? Your integration will not work aga
CakePHP-Stateless-Auth:完全和严格无状态的替代CakePHP AuthenticationAuthorization组件。设计用于仅通过REST方式访问的Cake应用程序
2021-05-22 10:19

CakePHP无状态AuthComponent 完全和严格无状态的替代CakePHP身份验证/授权组件。设计用于仅通过REST访问的Cake应用程序。提供的组件旨在替代Cake的库存AuthCompnent 。此替代StatelessAuthComponent是经过精简和...
带有Swagger的PHP REST API - LiveHelperChat php
2018-08-15 20:30

回答 1 已采纳 Found the answer: when changes are made, the cache needs to be cleared or even disabled while deve
了解REST：动词，错误代码和身份验证
2020-01-04 12:33

p15097962069的博客我正在寻找一种在基于PHP的Web应用程序，数据库和CMS中将API围绕默认功能包装的方法。我环顾四周，发现了几个“骨架”框架。除了我的问题的答案外，还有Tonic ，我喜欢它是RES
WP REST API：设置和使用OAuth 1.0a身份验证
2020-06-10 15:44

cunjie3951的博客在本系列的前一部分中，我们通过安装WP REST API团队在GitHub上可用的插件，在服务器上设置了基本的HTTP身份验证。基本的身份验证方法允许我们通过在请求标头中发送登录凭据来发送经过身份验证的请求。虽然方便...
没有解决我的问题, 去提问

悬赏问题

¥20 基于MSP430f5529的MPU6050驱动，求出欧拉角
¥20 Java-Oj-桌布的计算
¥15 powerbuilder中的datawindow数据整合到新的DataWindow
¥20 有人知道这种图怎么画吗？
¥15 pyqt6如何引用qrc文件加载里面的的资源
¥15 安卓JNI项目使用lua上的问题
¥20 RL+GNN解决人员排班问题时梯度消失
¥60 要数控稳压电源测试数据
¥15 能帮我写下这个编程吗
¥15 ikuai客户端l2tp协议链接报终止15信号和无法将p.p.p6转换为我的l2tp线路

REST身份验证无状态

1条回答 默认 最新

悬赏问题

1条回答默认最新