[Twisted-Python] Re: cred and stateless protocols

jarrod roberson jarrod at vertigrated.com
Wed May 3 11:43:24 MDT 2006


On 5/3/06, Manlio Perillo <manlio_perillo at libero.it> wrote:
>
> Nicola Larosa wrote:
> >> Stateless protocols like HTTP use sessions for client authentication.
> >
> > Don't say such a thing in REST company, you could be lynched. ;-)



No, the correct statement is:

Stateless protocols like HTTP use sessions to STORE STATE.

Nicola is correct, HTTP only supports authentication on every request since
it is STATELESS and only supports BASIC and DIGEST.


If you want to make it STATEFUL then using "sessions" is just one of many
ways to store and track that STATE.
If you want to store authentication tokens as part of that STATE you can,
but that has NOTHING to do with HTTP Authentication and is probably NOT
secure, but it has NOTHING to do with
"... HTTP using sessions for client authentication."
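The distinction drawn in the message above, as an added example that is not part of the original post or of Twisted's own code: `basic_auth_user` checks the credentials carried by a single request and keeps nothing, while `login` and `session_user` add a server-side table that tracks state across requests. The names `USERS`, `SESSIONS`, the helper functions, the `session` cookie name and the sample credentials are assumptions constructed for illustration.

```python
import base64
import hmac
import secrets

USERS = {"alice": "s3cret"}  # constructed sample credentials
SESSIONS = {}  # server-side state that HTTP itself does not keep


def basic_header(user, password):
    """Build the header a client sends with every request (sample input)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": "Basic " + token}


def basic_auth_user(headers):
    """Stateless: verify the credentials carried by this one request."""
    scheme, _, encoded = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    expected = USERS.get(user)
    if not sep or expected is None:
        return None
    # Constant-time comparison so timing does not leak the password.
    ok = hmac.compare_digest(password.encode(), expected.encode())
    return user if ok else None


def login(headers):
    """Stateful layer: authenticate once, then store the result server-side."""
    user = basic_auth_user(headers)
    if user is None:
        return None
    session_id = secrets.token_urlsafe(32)  # unguessable session identifier
    SESSIONS[session_id] = user
    return session_id


def session_user(headers):
    """Resolve the user from the session cookie; no credentials are checked."""
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "session":
            return SESSIONS.get(value)
    return None
```

Header names are matched exactly here for brevity; real HTTP header names are case-insensitive.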