nitter
Eberhard Wolff
@ewolff
30 Aug 2014
The HTTP session is an artificial concept introduced by the Servlet API and not a great fit to HTTP's stateless nature
#justSaying
#standard
3
7
Eberhard Wolff
@ewolff
30 Aug 2014
@Imifos
@stilkov
can't you have security with HTTP headers and no session?
1
Stefan Tilkov
@stilkov
30 Aug 2014
Replying to
@ewolff
@ewolff
@imifos
Of course, assuming the cookie contains the info you need and you can validate it algorithmically
Aug 30, 2014 · 2:53 PM UTC
