Re: [Engine-devel] REST session management
On 04/16/2012 10:04 AM, Miki Kenneth wrote:
> I Agree on that, although I'm not sure whether it is really
needed to
> release the session, rather then rely on timeout.
> If we indeed need to provide a way to release the session then I
> agree this is the best alternative. But if we don't then it will
> make the API to the client more (but not very) complex in that
> manner.
I would go for both - release mechanism (for proper handling) and timeout mechanism for
garbage collection.
(refer to:
http://blog.synopse.info/post/2011/05/24/How-to-implement-RESTful-authent...)
Agreed we need both. I think that for security purposes, it is important
to have a "log out" function. That way, client applications can decide
depending on their local security requirements whether or not it is
acceptable to leave a session open.
Regards,
Geert