Sessions in a RESTful API [duplicate]

Question:

Tag: rest,session

This question already has an answer here:

I am currently reading up on REST, and one of the specifications of REST is that it should be stateless, and that every request should contain the necessary state in the URL or the body of the request. This contrasts with the practice of using sessions, which is very helpful for maintaining information like whether a user is logged in or not. So, if one wants to design a RESTful API, should sessions be avoided?


Answer:

Well, yes, at least on the server side. That, in fact, is kind of the point of REST: REpresentational State Transfer. By making sure that all needed state information is contained in the state being transferred over HTTP, and eliminating server-side session state, it makes it possible to build easily scalable, expandable back ends.

Back in the Old Days we had to worry about session state, maintaining sessions, keepalive connections, state-sensitive load-balancing, and on and on. With REST, that's all eliminated.

So now, here's a pop quiz: how do you maintain state for things like login status without server-side state? Here's a hint: the HTML is not the only state the client manages for you.
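
Added example, not part of the original answer: one common way to keep login status without server-side session state is a signed, expiring token that the client stores and sends back with every request, for instance in a cookie or an `Authorization` header. The key, the token layout and the `handle_request` function are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a constructed demo key. A real service loads its key from a secret store.
SECRET_KEY = b"constructed-demo-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: str, key: bytes) -> str:
    return _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())


def issue_token(user, ttl=900, now=None, key=SECRET_KEY):
    """Called once at login. The server stores nothing about the session."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "exp": now + ttl}
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    return payload + "." + _sign(payload, key)


def verify_token(token, now=None, key=SECRET_KEY):
    """Return the user name if the token is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        payload, sig = token.split(".")
        # Check the signature before parsing anything the client controls.
        if not hmac.compare_digest(sig.encode(), _sign(payload, key).encode()):
            return None
        claims = json.loads(_unb64(payload))
    except ValueError:
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return None
    # No server-side record exists to delete, so a token cannot be revoked
    # before it expires without adding state; keep the lifetime short.
    if claims["exp"] <= now:
        return None
    return claims.get("sub")


def handle_request(headers, now=None):
    """Hypothetical stateless handler: any server instance can answer any request."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    user = verify_token(token, now) if scheme == "Bearer" else None
    if user is None:
        return 401, {"error": "unauthenticated"}
    return 200, {"user": user}


if __name__ == "__main__":
    tok = issue_token("alice", ttl=60, now=1000)
    print(handle_request({"Authorization": "Bearer " + tok}, now=1001))
    print(handle_request({"Authorization": "Bearer " + tok}, now=2000))
```

Because verification needs only the key, no load balancer affinity or shared session store is required; the trade-off is that logout and revocation before expiry need some server-side state after all.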

