[Engine-devel] REST session management

Geert Jansen gjansen at redhat.com
Mon Apr 16 08:34:26 UTC 2012


On 04/16/2012 10:04 AM, Miki Kenneth wrote:

>> I Agree on that, although I'm not sure whether it is really needed to
>> release the session, rather then rely on timeout.
>> If we indeed need to provide a way to release the session then I
>> agree this is the best alternative. But if we don't then it will
>> make the API to the client more (but not very) complex in that
>> manner.
 >
> I would go for both - release mechanism (for proper handling) and timeout mechanism for garbage collection.
> (refer to: http://blog.synopse.info/post/2011/05/24/How-to-implement-RESTful-authentication)

Agreed we need both. I think that for security purposes, it is important 
to have a "log out" function. That way, client applications can decide 
depending on their local security requirements whether or not it is 
acceptable to leave a session open.

Regards,
Geert



More information about the Devel mailing list