I don't think 'statlessness' is a word but it will do :)
I'm attempting to create authentication for a REST service (PHP). I'm trying to make the service as stateless as possible. I read here(tip #4) that you shouldn't use $_SESSION which makes sense but it suggests using cookies as an alternative. I may have misunderstood what 'stateless' is but I can't see how a cookie is acceptable, I figured tokens was the way to go.
Can anyone explain how a cookie would acceptable in a stateless rest application and a session not?