TPS 27

Think

Insert a new row just below the header in the table in your TPS Google Doc. Fill in the first two columns. Add your response to the problem below in the "Think" column.

When we first learned about REST, I said that the statelessness constraints had ramifications for the way we've been doing authentication. This is because we've been using PHP Sessions, where the PHP instance running on a server keeps a look up table of all sessions. A key unique to a given user is created when they first the site. That key is stored in a cookie (PHPSESSID). When the user signs in, we update their status in the session look up table using that key. However, that means the server is maintaining state about a user (namely whether they're signed in or not), thus violating the statelessness constraint of RESTful APIs.

An alternative would be to use cookies to store the actual data (i.e., that the user is logged in, their user name, and user id). If we were to do that, what might the implications of that be? Note that cookies can be tampered with or forged (made up) by the client.

Pair

If you are joining the class live (in person or over Zoom), pair up with someone when asked to do so—please use Discord or your preferred means of interacting with someone to share your answers (please see the announcement with details about Discord).  Settle on an answer between to two or three of you and put that answer down in your "Pair" column.

Share

Regardless of whether or not you are attending live, one person from your pair group should add your answer to the "TPS class share Links to an external site." document (make sure you're logged into your Endicott gmail account).

Submit

Finally, submit your personal TPS Google doc to this assignment.