REST by definition is stateless so what you are asking for isn't REST. What's bad with sending credentials with every request?
Mateusz On Tuesday, March 11, 2014 4:19:26 PM UTC+9, Gaurav Dhiman wrote: > > I noted that the way OrientDB authenticate user for every HTTP access is > by expecting username:password encoded in base64 for every HTTP call. Isn't > that a bad idea. > > I think, username:password should only be expected once at the time of > login (HTTP connect call). Once connect is successful, OrientDB should > return session ID and in consecutive call to ORientDB server that session > ID should be sent in place of username:password combination. Using > sessionID OrientDB should be able to fetch current logged-in user and and > its details at server end to perform specific actions. > > Can we achieve above in OrientDB (for HTTP REST calls) ? > > Regards, > Gaurav > -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
