Stateless with cookie vs stateful

user3528733 picture user3528733 · Nov 2, 2014 · Viewed 10.1k times · Source

I found sth like this:

"stateful – keep track of the previously stored information which is used for current transaction.

stateless – every transaction is performed as if it were being done for the very first time. There is no previously stored information used for the current transaction.

In a purely stateless environment you wouldn’t need this session id. Each request would contain all the information the server would need to process. But many applications need to maintain state to keep track of whether or not a session is authenticated to view certain content or to keep track of what a user is doing. You wouldn’t want to send user credentials over the wire for each request."

I'm quite confuse. So if stateless session with cookie maintain the state so it's mean that: stateless session with cookie= session stateful?

Another think. I found information that session stateless is client side session and stateful is server side session. How we can discuss about client side session if stateless session does not maintain session?

Answer

smk picture smk · Nov 2, 2014

In a purely stateless environment you really don't need sessions or cookies.

Both sessions and cookies are used to maintain state. The only question is where. Cookies maintain the state on the client while sessions maintain state on the server.

From Wikipedia: Representational state transfer

The session state can be transferred by the server to another service such as a database to maintain a persistent state for a period and allow authentication.

So typically in a stateless design, yes there is no state between client requests. Every client request will have sufficient info to perform the requested action. However, you still need authentication and/or authorization so who the client is identified from request headers (typically).