Phpster wrote:
> I am interested in how you are handling security in this process. How
> are you managing sessions with the restful interface? This is the one
> thing that really interests me with the whole restful approach.

one doesn't do sessions with rest :)

95% of the time the uri's don't need any security or "session" type
stuff as it's all public data (think about it, if it's on a page, it's
naturally public)

with regards security; personally I use client side ssl certificates and
call through https (and further foaf+ssl) however any old
basic/digest/whatever authentication will do.

the major point of rest is to expose everything needed via GET on URIs,
(hypermedia as the engine of application state); URIs are not GETable at
a later date if they require session data. Hence why you pass or prompt
for any needed credentials; and further abstract the security in to the
transport layer (or tunnel, in the case of https).


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to