----- Original Message ----- > From: "Geert Jansen" <[email protected]> > To: "Miki Kenneth" <[email protected]> > Cc: "Oved Ourfalli" <[email protected]>, "engine-devel" > <[email protected]>, "Eoghan Glynn" <[email protected]> > Sent: Monday, April 16, 2012 11:34:26 AM > Subject: Re: [Engine-devel] REST session management > > > On 04/16/2012 10:04 AM, Miki Kenneth wrote: > > >> I Agree on that, although I'm not sure whether it is really needed > >> to > >> release the session, rather then rely on timeout. > >> If we indeed need to provide a way to release the session then I > >> agree this is the best alternative. But if we don't then it will > >> make the API to the client more (but not very) complex in that > >> manner. > > > > I would go for both - release mechanism (for proper handling) and > > timeout mechanism for garbage collection. > > (refer to: > > http://blog.synopse.info/post/2011/05/24/How-to-implement-RESTful-authentication) > > Agreed we need both. I think that for security purposes, it is > important > to have a "log out" function. That way, client applications can > decide > depending on their local security requirements whether or not it is > acceptable to leave a session open. > So (unless someone objects) let's go for option #2 (using the Prefer header on each and every request, and release the session once it is not there).
Thank you, Oved > Regards, > Geert > _______________________________________________ Engine-devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-devel
