REST and Stateless Session IDs | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		REST and Stateless Session IDs (appsandsecurity.blogspot.com)
		3 points by gulbrandr on April 11, 2011 \| hide \| past \| favorite \| 1 comment

ericmoritz on April 11, 2011 [–]

I'm sure I'll get flack for this but isn't a session cookie passed with every request essentially the same as passing an Auth header with every request? In either case HTTP is still stateless.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact