Category: stateful

Stateless user sessions with encrypted session IDs

When designing for stateless services, one finds it easy to reduce the information stored in an HTTP session, except for one piece: whether the client has authenticated against the server or not. Usually you would implement a process for authenticating like this: the client submits credentials (login / password) to the server; the server checks the credentials; Server …