Question

I am working on a webapi project which of course is supposed to be stateless. The point is that it requires authentication and the majority of its services are available only to logged-in users.

The catch is that there are several pieces of information about that user which should be used on all subsequent calls to the legacy backend.

Should I force the clients to send back all those parameters on each request? (doesn't seem fair) Should I use caching on the webapi side? This is tricky, as currently there is no out-of-memory distributed cache in use in the deployment environment... What options do you see?


Solution

You could choose to issue the user some kind of session token on the first call. The server could then use the session token to authenticate the user and remember the settings for that session on subsequent calls.

You can read more about managing sessions in a stateless environment here:

http://en.wikipedia.org/wiki/Session_management
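An added example, not part of the original answer: one way to issue such a session token without a distributed cache is to put the per-user backend parameters inside the token and sign it, so any API node can verify it and recover them without trusting the client. The key, lifetime, function names and field names below are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Assumption: one secret shared by all API nodes, loaded from a secret store in practice.
SECRET_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL = 900  # assumed session lifetime in seconds

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str) -> bytes:
    return hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest()

def issue_token(user_id, backend_params, now=None):
    """Called once after login: pack the legacy-backend parameters and sign them."""
    now = int(time.time()) if now is None else now
    payload = {"sub": user_id, "exp": now + TOKEN_TTL, "ctx": backend_params}
    body = b64e(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    return body + "." + b64e(sign(body))

def verify_token(token, now=None):
    """Called on every request: return the payload, or None if forged, malformed or expired."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        # Check the signature (constant-time) before parsing anything the client sent.
        if not hmac.compare_digest(sign(body), b64d(sig)):
            return None
        payload = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None
    if payload.get("exp", 0) <= now:
        return None
    return payload

if __name__ == "__main__":
    # Constructed sample parameters for the legacy backend.
    tok = issue_token("u1", {"branch": "042", "legacy_role": "teller"})
    print(verify_token(tok))
```

The payload is signed, not encrypted, so the client can read it; values that must stay confidential need encryption or server-side storage keyed by an opaque token instead.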

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow