I'm working on a web application, and I've decided to make the server side an (almost) RESTful web service (using node.js).
I say almost RESTful, because while I would like to use the resource paradigm, I want to be more flexible in doing certain things, namely authentication.
All articles, tutorials and examples I have read say that I should use HTTP auth for authentication. But I have a different idea.
I made a resource named session, which works like this:
`POST /session`
Creates a session and returns a session id. This session id value will be used for all requests in this session. (At this point, the user is not logged in, but has a session, so I can already set values for the session.)
`PUT /session {session, email, password}`
Updates the session with a user value.
`DELETE /session {session}`
Deletes the session, logging the user out.
Here are the questions:
- Is this session resource meaningful, or is it just taking this flexibility too far?
- If this were truly RESTful, I should have included the session id in requests like /session/:id, but because the session is something like a singleton resource (as far as the user is concerned, no other session is possible), there is no harm in flexing the rules this way. Is this a good idea?