Is using sessions for single page rich web app an overkill? [closed]

Question

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.

Closed 8 years ago.

There is a rich web app with login form. Logged in user should be able to send some post request to server database, which modify database records. How do I track in the server if user has role to add/modify record in server database? Should I send username, password, data to place into db every time user wants to modify db or should I use sessions instead of resending username/password? Sorry, I haven't used sessions before, so I am not comfortable with them... But as I see they are the way to go in multi page web apps, but will they make my life easier if I use them in one page web app? Or should I just resend username/password on every post request to server database?

Answer 1

If you are doing this only for username and password, do them every time. If you are using a standard HTTP authentication type, it does this - it sends the login credentials on every page access. If there is more information you need passed, and this information is to be used repeatedly on multiple accesses to the web page, look at using a per-session cookie instead.

Alternitivley, if it is easier - I have seen some web apps use a session (or longer) cookie for authentication information. In-fact, some Apache modules themselves do this.