REST user authentication

Question

OK... the basic idea is to have SERVER and CLIENT physically separated (two systems).

My idea is to build a stand-alone web service (REST, XML, API-KEY) that will pr

Answer 1

A RESTful interface does not store any information about a particular user's session. It is the client's job to maintain the information about what it is doing.

Authenticate the user on every request by providing information in the Authorization HTTP header. IF this becomes a performance problem, then look at alternative solutions to optimize perf.