[Engine-devel] REST session management
Geert Jansen
gjansen at redhat.com
Mon Apr 16 08:34:26 UTC 2012
On 04/16/2012 10:04 AM, Miki Kenneth wrote:
>> I Agree on that, although I'm not sure whether it is really needed to
>> release the session, rather then rely on timeout.
>> If we indeed need to provide a way to release the session then I
>> agree this is the best alternative. But if we don't then it will
>> make the API to the client more (but not very) complex in that
>> manner.
>
> I would go for both - release mechanism (for proper handling) and timeout mechanism for garbage collection.
> (refer to: http://blog.synopse.info/post/2011/05/24/How-to-implement-RESTful-authentication)
Agreed we need both. I think that for security purposes, it is important
to have a "log out" function. That way, client applications can decide
depending on their local security requirements whether or not it is
acceptable to leave a session open.
Regards,
Geert
More information about the Engine-devel
mailing list