Timeline for Restful User/Password Authentication
Current License: CC BY-SA 3.0
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Sep 12, 2015 at 12:09 | vote | accept | Frido | ||
| Aug 20, 2015 at 9:36 | comment | added | Frido | Thanks for stateless clarification. I've edited the original question regarding 'better' and 'secure'. | |
| Aug 19, 2015 at 14:30 | comment | added | JDT | Could be a matter of terminology. 'Token' in this context explicitly means not bound to the server in any way, session id means the server itself stores information on the ID. Think tokens in a REST API which do not reside on the server and have to keep their timeout information embedded in themselves and PHP SessionID's which are often stored on the server that started the session and for which timeouts are stored there. | |
| Aug 19, 2015 at 14:22 | comment | added | Richard Tingle | What is ultimately the difference between sending a token and sending a sessionID? (Except that with a sessionID it's managed more automatically) | |
| Aug 19, 2015 at 10:09 | history | answered | JDT | CC BY-SA 3.0 |