Rails plugin restful_authentication a misnomer

It all started with a debate on #rubyonrails with ReinH about how less RESTful a session could be — mainly because it uses cookies. I suggested a resource such as:


or even this…


…could be RESTful. Which ReinH neither agreed nor denied as far as I remember and asked “how many actually do this?”. Fairly none and agreed that he was right. I must really be honest and admit that I only knew a little about REST while debating.

After going through Fielding’s dissertation about REST, I can with bit more understanding say even the above hack is completely wrong and violates a REST constraint of shared caching.

So what is REST:

I would actually summarise it to, REST architecture is a set of constraints, if followed, makes your application to scale up.

“Web’s major goal was to be a shared information
space through which people and machines could communicate.” — Berners Lee

The REST architecture tries to achieve the above goal by imposing some constraints. If you follow the REST architecture, then it appears as if the whole Internet’s infrastructure was in place just to make sure your application to work efficiently. Imagine having about millions of servers serving your content — REST makes it easy for intermediary connectors such as a proxy servers too to serve your content (from cache).

Session and RESTful:

REST is clear about having not to store the state in the server. For e.g. lets say you request a resource GET http://example.com/products. By REST means the server should need not know or store what products from the list you added to the cart. Why? Because a proxy server intermediary may not be able to handle it.

So what is the alternative then? There is no alternative. All state must be stored in the client. i.e. the client should remember what you put in the cart and submit it for processing at once. Ofcourse a browser does not know what a cart is, not to mention how to put a product into it.

Be glad that REST does allow COD (code on demand) like javascript for e.g. to complete that functionality by the client. So we have to wait until there is an efficient way of storing the session in client and a standard way of manipulating it. Until then, you continue doing what we have been doing so far with cookies and session even though it is less RESTful by design.

Rails Plugin restful_authentication

There is no point in calling it RESTful, an authentication to access a resource has nothing to do with REST. This must be called something else or the suggestion on #rubyonrails was to rename it to resourceful_authentication. I am not keen on this name either. However restful_authentication is a very useful plugin indeed.

Leave a Comment