Hi Tauren, we decided to be completely stateless on server side, and we do expect user auth for _every_ REST call.
~t~ On Wed, Jan 20, 2010 at 10:11 PM, Tauren Mills <[email protected]> wrote: > Also, I have a few questions for you regarding your implementation. How > does your system know which user is requesting a REST resource? Does a user > login, receive a shiro cookie, and then hit a RESTful url, and that cookie > is used to know which user it is? Or are you doing something else? > >
