web services - Can we make Restful webservice stateful

Question

I have been reading about about Restful webservices being Stateless. I can also see that most of Soap based webservices are also stateless and can be made stateful if needed and making them stateful will depend on implementation. So if a soap based webservice is stateful then a session id will passed with every request, to continue with session.

My query is why can't same be done with Restful webservices, I think i should be able implement a webservice which can continue with same session where session id is passed by Restful webservice making is Stateful.

So my question is, Are RestFul webservices just a concept with a guideline not to make them stateful? or there will be checks in Restful webservice libraries [like Jersey ] to stop people from doing so?

Answer 1

The statelessness of REST is designed to ensure applications scale well. You can add state, but it's at a trade-off in scalability.

One of the most common reasons to add state to REST is for authentication. Once a secure connection is established, a secure cookie can be sent to the client. This cookie is then added by the client to all requests for the session. The server maintains state and then loads that state in with every request based on the cookie.

Consider a simple web page. If you are not maintaining state, you can put up a reverse proxy, cache the page in memory by URL, and distribute that resource across many servers for load. If you now add the name of the currently logged in user to that web page, you can no longer cache anything (at least at the most basic HTTP level). The response can now be cached only with a combination of the authentication cookie and the URL.