----- Original Message -----
> From: "Geert Jansen"<gjansen(a)redhat.com>
> To: "Miki Kenneth"<mkenneth(a)redhat.com>
> Cc: "Oved Ourfalli"<ovedo(a)redhat.com>, "engine-devel"<engine-devel(a)ovirt.org>, "Eoghan Glynn"<eglynn(a)redhat.com>
> Sent: Monday, April 16, 2012 11:34:26 AM
> Subject: Re: [Engine-devel] REST session management
>
>
> On 04/16/2012 10:04 AM, Miki Kenneth wrote:
>
>>> I agree on that, although I'm not sure whether it is really needed
>>> to release the session, rather than rely on timeout.
>>> If we indeed need to provide a way to release the session then I
>>> agree this is the best alternative. But if we don't then it will
>>> make the API to the client more (but not very) complex in that
>>> manner.
>
>> I would go for both - release mechanism (for proper handling) and
>> timeout mechanism for garbage collection.
>> (refer to:
>> http://blog.synopse.info/post/2011/05/24/How-to-implement-RESTful-authent...)
> Agreed we need both. I think that for security purposes, it is
> important to have a "log out" function. That way, client applications
> can decide depending on their local security requirements whether or
> not it is acceptable to leave a session open.
>
So (unless someone objects) let's go for option #2 (using the Prefer header on each
and every request, and release the session once it is not there).
My only objection is that you implement a draft spec and implement a
header without even bothering to register it - or asking if there is
such an identical-purposed header with a different name which may get
registered / is already in use somewhere.
Y.
Thank you,
Oved
> Regards,
> Geert
>
_______________________________________________
Engine-devel mailing list
Engine-devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel
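
The session lifecycle agreed in this thread (keep the session while every request carries the Prefer header, release it as soon as a request arrives without it, and expire idle sessions as garbage collection), as an added example that is not part of the original messages or of the oVirt code. The `persistent-auth` token, the timeout value and the `SessionStore` names are assumptions made for the sketch.

```python
import secrets

# Assumptions for this sketch: the thread names only "the Prefer header", so the
# token value, the timeout and all class/method names here are hypothetical.
PREFER_TOKEN = "persistent-auth"
IDLE_TIMEOUT = 30 * 60  # seconds

class SessionStore:
    def __init__(self, timeout=IDLE_TIMEOUT):
        self.timeout = timeout
        self.sessions = {}  # session id -> (user, last_seen)

    def collect(self, now):
        """Timeout mechanism: drop sessions idle for longer than the timeout."""
        expired = [sid for sid, (_, seen) in self.sessions.items()
                   if now - seen > self.timeout]
        for sid in expired:
            del self.sessions[sid]
        return len(expired)

    def handle(self, headers, now, session_id=None, user=None):
        """Process one request; return (http_status, session_id_to_send_back).

        headers: dict with canonical header names (constructed input).
        user: identity proven by credentials on this request, else None.
        """
        self.collect(now)
        tokens = [t.strip() for t in headers.get("Prefer", "").split(",")]
        wants_session = PREFER_TOKEN in tokens
        entry = self.sessions.get(session_id)
        if entry is not None:
            user = entry[0]            # authenticated by the live session
        elif user is None:
            return 401, None           # no live session and no credentials
        if not wants_session:
            # Release mechanism: header absent, so end the session now.
            self.sessions.pop(session_id, None)
            return 200, None
        if entry is None:
            session_id = secrets.token_urlsafe(32)  # unguessable new id
        self.sessions[session_id] = (user, now)     # refresh idle timer
        return 200, session_id
```

A released or expired session id is rejected with 401 on its next use unless the request carries credentials again, which is the "log out" behaviour the thread asks for.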