I'm making a REST API for my web app and since it should be stateless I'm sending the user's credentials with HTTP Basic Auth.
Is it correct that I need to validate the username/password with a lookup in my users database for every request? This seems like a lot of unnecessary requests considering I can validate it once and just keep it in a session if I break the "stateless rule".
If you don't use session cookies for authentication you need to validate each request. But you could cache the credentials somewhere in your server code, so that you don't need to query the database on every call.
Basically you should remember not to store the data too long, e.g. the user could change her/his credentials. If you have a cache mismatch you need to do another database lookup.
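As an added illustration of the approach in the answer above (example code, not from the original post): a Basic Auth check with a short-lived in-process cache, where a cache miss, an expired entry or a password mismatch falls back to the database lookup. The `USERS_DB` table, `db_verify` and all names are constructed for this example; a real app would query its own users table in `db_verify`.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Constructed stand-in for the users table: username -> (salt, slow PBKDF2 hash).
def _pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = b"constructed-salt"
USERS_DB = {"alice": (_SALT, _pbkdf2("correct horse", _SALT))}
STATS = {"db_lookups": 0}  # how many requests actually reached the "database"

def db_verify(username, password):
    # The expensive path: fetch the record and recompute the slow hash.
    STATS["db_lookups"] += 1
    record = USERS_DB.get(username)
    if record is None:
        return False
    salt, stored = record
    return hmac.compare_digest(_pbkdf2(password, salt), stored)

CACHE_TTL = 300                       # seconds a verified credential stays cached
_CACHE_KEY = secrets.token_bytes(32)  # per-process key: the cache never holds plaintext
_cache = {}                           # username -> (expires_at, keyed fingerprint)

def basic_header(username, password):
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def authenticate(authorization_header):
    """Validate an HTTP Basic Authorization header; return the username or None."""
    scheme, _, encoded = authorization_header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        username, _, password = base64.b64decode(encoded).decode().partition(":")
    except ValueError:
        return None
    # Keyed fingerprint of the presented password; comparable, but not reversible.
    fp = hmac.new(_CACHE_KEY, password.encode(), "sha256").digest()
    entry = _cache.get(username)
    if entry and entry[0] > time.monotonic() and hmac.compare_digest(entry[1], fp):
        return username  # cache hit: served without a database query
    # Miss, expired, or mismatch (e.g. the user changed her password): ask the DB.
    if db_verify(username, password):
        _cache[username] = (time.monotonic() + CACHE_TTL, fp)
        return username
    _cache.pop(username, None)  # a stale entry must not keep an old password valid
    return None
```

Note that the cache is per process, so behind a load balancer each worker will do its own first lookup.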