Going stateless : mobile apps
103 views
Skip to first unread message
Rahul Dighe
Apr 15, 2013, 2:18:39 PM4/15/13
to api-...@googlegroups.com
Hello All,
Our current Mobile Apps - make heavy use of sessions . I have been making a case to use the REST API's that we might potentially build for partner be used internally as well as to power our apps. The main benefits that I am citing are that it would make our apps much easier to scale ... and it would be in keeping with the principle of "eat your own dog food" before releasing the API's to partners .
Just wondering if folks in this group have been in such a situations (use mobile session) and then transitioned over to (stateless) and what benefits they have seen - Or just generally can cite some pros and cons of going to "stateless" route if that is what they would recommend.
Thanks
Rahul Dighe
Ian Joyce
Apr 15, 2013, 2:30:16 PM4/15/13
to api-...@googlegroups.com
Can you elaborate on what you mean by a "mobile session"?
Rahul Dighe--
You received this message because you are subscribed to the Google Groups "API Craft" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+...@googlegroups.com.
Visit this group at http://groups.google.com/group/api-craft?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Rahul Dighe
Apr 15, 2013, 2:38:03 PM4/15/13
to api-...@googlegroups.com
Just that a session is created at the server everytime the mobile apps is used and that with every request the session id is passed back and forth to the server.
Thanks
Rahul
Tomas Vlach
Apr 16, 2013, 4:16:58 AM4/16/13
to api-...@googlegroups.com
Are we talking about session id that is in fact used as authentication token, or is there a real session on the server for each session id, which stores some state related to that session, other than authentication (i.e. some state of business transaction etc.)?
landed
Apr 17, 2013, 1:29:14 PM4/17/13
to API Craft
What do you mean by stateless - http is stateless by nature and
therefore we need the session to provide state. I think this is for
BOTH mobile and non mobile its the same. Ahh I think for the mobile
you meen a proper native APP. Within its own working (view navigation)
it doesn't need a session I guess, The API doesnt need a session per
se but it will need its keys or authentication as per its design spec
and will be ignorant of the source.
I think in this case if you use an OAuth 2.0 library some of the
troubles may be accounted for ?
therefore we need the session to provide state. I think this is for
BOTH mobile and non mobile its the same. Ahh I think for the mobile
you meen a proper native APP. Within its own working (view navigation)
it doesn't need a session I guess, The API doesnt need a session per
se but it will need its keys or authentication as per its design spec
and will be ignorant of the source.
I think in this case if you use an OAuth 2.0 library some of the
troubles may be accounted for ?
Reply all
Reply to author
Forward
0 new messages