I am trying to understand token-based authentication these days, which claims to be a stateless authentication method. And I came across the concept of a stateless web application. But more and more I think stateless is a pseudo-proposition.
For example, suppose we use a client-stored token for authentication: how can we gather statistics on online users? Shall we store the token in the DB? Doesn't that mean we store state info on the server? And even more, is user info in the DB also some kind of state info?
I think the real question here is not to make a web app stateless, but to make the web app properly handle the state info such that it won't jeopardize scalability.
Am I wrong on this? Could anybody shed some light on this so I can be relieved from this mental struggle?
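The split the question describes, as an added example that is not part of the original post: a signed token that any server can verify without a lookup, next to a separate last-seen store that exists only to count online users. All names (`SECRET`, `issue_token`, `verify_token`, `Presence`, `handle_request`) and the HMAC token format are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: same key on every app server

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(user: str, now: float, ttl: int = 900) -> str:
    """Sign the claims; the server keeps no record of the token."""
    body = _b64(json.dumps({"sub": user, "exp": now + ttl}).encode())
    return f"{body}.{_sign(body)}"

def verify_token(token: str, now: float):
    """Return the user name or None, using only SECRET and a clock."""
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None  # malformed or non-ASCII input
    return claims["sub"] if now < claims["exp"] else None

class Presence:
    """Last-seen timestamps: the state an online-user count needs.
    A dict here; with several servers it would be a shared store."""
    def __init__(self, window: int = 300):
        self.window, self.last_seen = window, {}

    def touch(self, user: str, now: float) -> None:
        self.last_seen[user] = now

    def online(self, now: float) -> int:
        return sum(1 for t in self.last_seen.values() if now - t < self.window)

def handle_request(token: str, presence: Presence, now: float):
    user = verify_token(token, now)  # authentication: no server-side lookup
    if user is not None:
        presence.touch(user, now)    # statistics: state, kept outside auth
    return user
```

Losing the `Presence` data only resets the online count; requests still authenticate, because the token check depends on nothing but the key and the expiry claim.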