Thrift has no concept of users or stateful sessions. While clients can connect to a server and issue multiple commands, each command is independent as no identifying information about the connection is sent to the handler. Anything like user sessions would need to be handled at a layer above Thrift, using something analogous to cookies in a web browser. In the past when I have had to do this in a Thrift IDL, I needed to add another parameter to every method to carry state from the client to the server, and I needed to add a method just to generate that session/state token.
There may already be a Jira ticket for an enhancement to Thrift to add the capability to have stateful sessions. For example in the C++ implementation it would be possible to modify the TConnectedClient class and assign a GUID to each connected client and put it into thread local storage. Then any handler would be able to ask thread local storage for the unique connection ID. This would only be valid for the duration of a connected client, however. I often thought this would work well with the Multiplexed Protocol. One could put an authentication API on one channel, and then one could selectively enable other channels based on the permissions of the user. All of these ideas I discussed however are just ideas, and not part of the Thrift project today. - Jim
