Hi Fabian,
It could be renewed with every request send to the server. This is the
>> same as with sessions.
> So, the cookie has to be "refreshed" (so to speak) on each request?
If you want to save a new cookie, than yes. Because you have to renew
the expiration timestamp you have to send a new timestamp.
> Should I also store cookie-user state somewhere?
I think to count the users you have to do this, but I'm not sure. Then
you have to implement sessions, than you could also use Servlet sessions
You should put this in a filter (independently if for servlet or for
Restlet), so that your application stays free of it.
> So, the architecture would be like this:
>
> Client --- Request --> Servlet API authentication "frontend" ---
> Request ---> REST Statleless core
Yes.
> I'd have to sort of change my Guard for something using the Servlet
> API? Can I integrate that into my existing Guard (I already have
> guarded resources)?
There I can't tel you much. I think there is something in Restlet to
read authentication data from e.g. Servlet API, but I'm not sure. Take a
look to the server connector main class.
best regards
Stephan
------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2683349
