• Post Reply Bookmark Topic Watch Topic
  • New Topic

Logout() service in java RESTful web services

 
sateesh karuturi
Greenhorn
Posts: 1
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello folks.. iam new to the java web services. and what i need to implement here is logout() service in RESTful web services. Login() service is working based on validating database entries..but i can't get any idea about Logout() service..
anyone please help me out.
 
Stephan van Hulst
Bartender
Posts: 6583
84
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Presumably you store the login state in the session and/or a cookie. That means to logout, you need to clear the session/cookie, or at least remove the login state from them.
 
Tim Moores
Saloon Keeper
Posts: 3263
54
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It'd be unusual to have a concept of login/logout, or of sessions, in RESTful WS. You should definitely avoid sessions and cookies. If it's not feasible to send the credentials along with each call, have the server generate some cryptographically secure token that is sent back from the login call, which the client would subsequently send for all calls. The logout call would then cause that token to be invalidated on the server.
 
Stephan van Hulst
Bartender
Posts: 6583
84
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There are many debates about this. Personally I don't hold the view that sessions are incompatible with rest, because a session can be seen as a resource that is referenced by a session cookie. Given the same session cookie, the service will always respond with the same data, until the resource is deleted (i.e. the session expires).

Keeping track of an access-token for each client is almost exactly the same as keeping track of a session-id for each client.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!