Pass messages between requests with a REST API (JSON, XML, HTML...)
Problem description
Let's imagine a REST API that can return JSON, XML, HTML and other formats. In case of a browser web client without JavaScript enabled, the API returns HTML. Tokens are used for authentication and authorization.
In a classic website project, it can happen that a redirection needs to be made from a page A to another page B. It can be used, for example, to display a welcome message or an error message on another page. In this case, to display a message (a flash, for example) from page A on page B, we would normally use a session. Two simple (and minified) examples in Express (but the concept is the same in other technologies):
// With session directly
const session = require('express-session');
app.use(session({ /* ... */ }));
// Handler for page A: store the message in the session, then redirect
function (req, res, next) {
  req.session.message = 'Welcome, you are connected';
  return res.redirect('/');
}
// Template for page B
<p class="message">${ session.message }</p>
// With a library such as connect-flash
const flash = require('connect-flash');
app.use(flash());
// Handler for page A: queue a flash message, then redirect
function (req, res, next) {
  req.flash('error', {
    message: 'An error!',
  });
  return res.redirect('/login');
}
// Template for page B
<p class="message">${ flash.message }</p>
Now, based on REST principles, to respect the stateless constraints, it should not use sessions which store a state between two requests.
My question is: how should a stateless web server normally pass messages between two requests (in case of a redirection)?
- Session: not necessarily stateless
- DB?
- Query string?
- Cookie?
- Other?
Note: I know how to implement these solutions, but I am asking for the right way to do that in the case of a stateless web server. How do REST APIs normally implement it?
Following this question, I have two (optional) misunderstandings.
Based on this Stack Overflow answer:
That does not preclude other services that the web server talks to from maintaining state about business objects such as shopping carts, just not about the client's current application/session state.
What does "other services" mean here?
Based on
The authentication can be implicit in the state, do you think that
facebook does a "database access" on every request of its REST API? Or
Google for that matter? hint: no
What does it mean by implicit in the state? If it is that they use a token or a similar authentication process, then they should make a database access each time to get a fresh user, no?
Thanks.
Recommended answer
Other Service could be Redis or any NoSQL database that could store a user state between API calls. See backed service definition from 12 Factor App.
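
One way to carry a flash message across a redirect with no server-side session, using the cookie option from the question's list (an added example, not code from the question or the answer): the value is HMAC-signed and short-lived, so page B can reject forged or stale messages. The function names, the 60-second lifetime and the in-memory key are assumptions.

```javascript
const crypto = require('crypto');

// Assumption: a real deployment loads one shared key from configuration,
// so every stateless instance can verify what another instance issued.
const KEY = crypto.randomBytes(32);
const MAX_AGE_MS = 60 * 1000; // assumed lifetime: long enough for one redirect

function sign(payload) {
  return crypto.createHmac('sha256', KEY).update(payload).digest('hex');
}

// Page A: build the cookie value to set just before res.redirect().
function encodeFlash(type, message, now = Date.now()) {
  const body = JSON.stringify({ type, message, exp: now + MAX_AGE_MS });
  const payload = Buffer.from(body, 'utf8').toString('hex');
  return `${payload}.${sign(payload)}`;
}

// Page B: return { type, message } or null if forged, malformed or expired.
function decodeFlash(value, now = Date.now()) {
  if (typeof value !== 'string') return null;
  const parts = value.split('.');
  if (parts.length !== 2) return null;
  const [payload, mac] = parts;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  let data;
  try {
    data = JSON.parse(Buffer.from(payload, 'hex').toString('utf8'));
  } catch {
    return null;
  }
  if (!data || typeof data.exp !== 'number' || data.exp < now) return null;
  return { type: String(data.type), message: String(data.message) };
}

// The message is client-visible data: escape it before it reaches the template.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}
```

The value is signed, not encrypted, and stays valid until it expires, so page B should clear the cookie once the message has been shown and nothing confidential belongs in it.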