0

We have a stateless web api application where we only use the token(obtained on login) as an identifier, which we decrypt, determine user and perform the action.

We now need to store a rather big object in session and it is a load balanced environment so SQL Server session state seems like a good fit.

Is it possible to use session in a stateless web api application?

Improve this question
4
  • Make sure to properly sign the tokens; there are various subtle crypto issues with such a scheme.
    – SLaks
    Commented Jun 13, 2013 at 20:39
  • If you simply want to store some sort of large object that is always fetched by the session key then you may want to consider a clustered key value store instead. I'd recommend something like RIAK -- SQl server is pretty overkill for stuff like this -- if you don't want to run queries.
    – Transact Charlie
    Commented Jun 13, 2013 at 20:52
  • What I mean is this msdn.microsoft.com/en-us/library/ms178586(v=vs.100).aspx but with "SQL Server Mode"
    – xmorera
    Commented Jun 13, 2013 at 20:56
  • Yeah -- I got that but load balancing sql server is a bit of a nightmare -- you'll be tying your load balanced pool of web servers to 1 database server -- when you want to scale out you'll need to handle sql server replication etc. etc. etc.
    – Transact Charlie
    Commented Jun 13, 2013 at 21:10

1 Answer 1

Reset to default
0

If you have a session in a stateless Web API then it would no longer be stateless. So which do you want, stateless, or sessions?

Improve this answer
3
  • I need to keep it stateless, but store a particular object at any time and be able to recover it quickly in an easy and efficient way. I know it sounds a bit confusing.
    – xmorera
    Commented Jun 13, 2013 at 21:47
  • @xmorera Store the object, and assign it a URI, now it becomes resource state, instead of session state. Magic!
    – Darrel Miller
    Commented Jun 13, 2013 at 22:19
  • Thanks @Darrel! Let me talk with the architect.
    – xmorera
    Commented Jun 13, 2013 at 22:51

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.