Pass messages between requests with a REST API (JS

Posted 2019-08-18 03:42

Let's imagine a REST API that can return JSON, XML, HTML and other formats. In the case of a browser web client without JavaScript enabled, the API returns HTML. Tokens are used for authentication and authorization.

In a classic website project, it can happen that a redirection needs to be made from a page A to another page B. It can be used, for example, to display a welcome message or an error message on another page. In this case, to display a message (a flash, for example) from page A on page B, we would normally use a session. Two simple (and minified) examples in Express (but the concept is the same in other technologies):

// With session directly
const session = require('express-session');

app.use(session({ /* ... */ }));

function (req, res, next) {
  req.session.message = 'Welcome, you are connected';
  return res.redirect('/');
}

<p class="message">${ session.message }</p>

// With a library such as connect-flash
const flash = require('connect-flash');

app.use(flash());

function (req, res, next) {
  req.flash('error', {
    message: 'An error!',
  });
  return res.redirect('/login');
}

<p class="message">${ flash.message }</p>

Now, based on REST principles, to respect the stateless constraints, it should not use sessions which store a state between two requests.

My question is: how should a stateless web server normally pass messages between two requests? (in the case of a redirection)

  • Session: not stateless as required
  • DB?
  • Query string?
  • Cookie?
  • Other?

Note: I know how to implement these solutions, but I am asking for the right way to do that in the case of a stateless web server. How do REST APIs normally implement it?

Following this question, I have two (optional) misunderstandings.

Based on this Stack Overflow answer:

That does not preclude other services that the web server talks to from maintaining state about business objects such as shopping carts, just not about the client's current application/session state.

What does "other services" mean here?

Based on this comment from the same answer:

The authentication can be implicit in the state, do you think that facebook does a "database access" on every request of its REST API? Or Google for that matter? hint: no

What does it mean by "implicit in the state"? If it is that they use a token or a similar authentication process, then they should make a database access each time to get a fresh user, no?

Thank you in advance.

1 answer
chillily
#2 · 2019-08-18 04:00

"Other services" could be Redis or any NoSQL database that could store a user state between API calls. See the backed service definition from 12 Factor App.
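
The "Cookie?" option listed in the question can carry a flash message with no server-side session, provided the server authenticates the value it later reads back. The following is an added example, not code from the question or the answer: it assumes an HMAC key held in server configuration, and the names `encodeFlash`, `decodeFlash` and `renderFlash` are hypothetical.

```javascript
const nodeCrypto = require('crypto');

// Constructed demo key (assumption): a real server loads this from its configuration.
const KEY = Buffer.from('constructed-demo-key-not-for-production');
const MAX_AGE_MS = 60_000; // a flash message only has to survive one redirect

function sign(payload) {
  return nodeCrypto.createHmac('sha256', KEY).update(payload).digest('hex');
}

// Page A: build the cookie value "<payload>.<tag>" just before the redirect.
function encodeFlash(type, message, now = Date.now()) {
  const body = JSON.stringify({ type, message, exp: now + MAX_AGE_MS });
  const payload = Buffer.from(body, 'utf8').toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Page B: return the flash object, or null when the value is forged, malformed or expired.
function decodeFlash(cookieValue, now = Date.now()) {
  if (typeof cookieValue !== 'string') return null;
  const [payload, tag, ...rest] = cookieValue.split('.');
  if (!payload || !tag || rest.length > 0) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(tag);
  // Constant-time comparison; timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  try {
    const flash = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
    if (typeof flash.message !== 'string' || typeof flash.exp !== 'number') return null;
    return flash.exp > now ? flash : null;
  } catch {
    return null;
  }
}

// Escape on output: the message may embed user-supplied text such as a username.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Renders the same <p class="message"> element the question's templates use.
function renderFlash(cookieValue, now = Date.now()) {
  const flash = decodeFlash(cookieValue, now);
  return flash ? `<p class="message">${escapeHtml(flash.message)}</p>` : '';
}
```

The server should clear the cookie once page B has rendered it; the `exp` field only bounds how long a captured value stays valid.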
