LukasReschke
commented
7 years ago The above statement is probably intended to enable use of sticky sessions in a load-balanced environment
At the moment this is actually the case because some implementations do use sessions for caching expensive operations.
One example of this is when accessing a password protected shared element, in that case the element may be stored encrypted using bcrypt and when accessing the share using base64encode(shareId:sharePassword), verifying the password is expensive as it may be stored using bcrypt etc.
Sure. Could be solved otherwise on the implementers side so I'm just dropping my 2 cents here and explain why it was added on that document like that :-)
joostfarla
labkode
glpatcern
The current documentation states:
The above statement is probably intended to enable use of sticky sessions in a load-balanced environment. In a RESTful architecture, all requests between client and server are stateless. Stateless requests contain all the necessary information for the server to understand the meaning of the request, including authentication headers. Because each request is self-containing and does not depend on any previous interaction, the server (or any intermediate layer) can treat each request independently and should therefore not store session state. This is the reason why sticky sessions are meaningless and should be avoided. Sticky sessions reduce scalability because the requests can be spread less evenly between server nodes. It also makes failover scenarios more complex.