1

Im developing a java web application which is deployed on a glassfish server. The web services are used to connect to user databases. Each user has a database. My question is, is there a way to keep track of the user? For example in servlets we use sessions in order to store some user specific data. Is there something similar to it in web services? It seems impractical to have to authenticate the username and password each time the user sends a request to a web service. Thanks.

Improve this question

1 Answer 1

Reset to default
1

Web services may also use sessions, however there are good reasons to keep them stateless:

  • it might be that the clients do not support sessions (cookies), e.g. if your clients are not browser based;
  • stateless services are easier to scale.

You do not have to use username+password for authentication. You may use JWT (or other kind of access tokens) to protect them.

Auth0 has got nice article on this topic: https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.