我需要一些澄清。我一直在阅读关于REST和构建基于REST的应用程序的书籍。根据维基百科,REST本身被定义为具象状态传输。因此,我不理解所有这些无国籍的官样文章,每个人都在不停地吐出来。
从维基百科:
在任何特定的时间,客户端可以处于之间的转换
应用程序处于“静止”状态。处于休息状态的客户端可以
与用户交互,但不创建负载,也不消耗每个客户端
服务器集或网络上的存储。
他们只是说不要使用会话/应用程序级数据存储吗?
我知道REST的一个目标是使URI访问一致且可用,例如,不是在帖子中隐藏分页请求,而是使请求的页码成为get URI的一部分。对我来说很有道理。但是,说每个客户端数据(会话数据)都不应该存储在服务器端似乎有点过头了。
如果我有一个消息队列,而我的用户想要读取消息,但在读取消息时,又想在会话期间阻止某些发送者的消息通过,该怎么办?将其存储在服务器端的某个位置,并让服务器只发送未被用户阻止的消息(或消息ID),这难道不合理吗?
每次请求新的消息列表时,我真的必须发送整个消息发送者列表来阻止吗?与我相关的消息列表在一开始就不应该是公开可用的资源。
我只是想理解一下。谁来澄清一下。
更新:
我发现了一个堆栈溢出的问题,它的答案并不能让我一直走到那里:
如何在REST中管理状态
这说明客户端状态很重要,应该在每个请求上都传输....Ugg . .看起来开销很大…这样对吗??
没有勺子。
不要把无状态想象成“一次又一次地把你所有的东西发送到服务器”。不可能。总会有状态——数据库本身也是一种状态,毕竟你是注册用户,所以没有服务器端,任何客户端信息都是无效的。从技术上讲,您从来都不是真正无状态的。
关于登录的争论
不保持会话并每次都登录是什么意思?
有些意思是“每次都发送密码”,这太愚蠢了。有些人说“不,当然不是,而是发送一个令牌”——你瞧,PHP会话就是这么做的。它发送一个会话id,这是一种令牌,它可以帮助你到达你的个人物品,而不必每次都重发u/pw。它也非常可靠,并且经过了良好的测试。是的,方便也会变成缺点,见下一段。
减少碳足迹
What you should do, instead, and what makes real sense, is thin your webserver footprint to the minimum. Languages like PHP make it very easy to just stuff everything in the session storage - but sessions have a price tag. If you have several webservers, they need to share session info, because they share the load too - any of them may have to serve the next request.
A shared storage is a must. Server needs to know at least if someone's logged in or not. (And if you bother the database every time you need to decide this, you're practically doomed.) Shared storages need to be a lot faster than the database. This brings the temptation: okay, I have a very fast storage, why not do everything there? - and that's where things go nasty in the other way.
你的意思是,保持会话存储最小?
Again, it's your decision. You can store stuff there for performance reasons (database is almost always slower than Redis), you can store information redundantly, implement your own caching, whatever - just keep in mind that web servers will have a bigger load if you store a lot of rubbish on them. Also, if they break under heavy loads (and they will), you lose valuable information; with the REST way of thinking, all that happens in this case is the client sends the same (!) request again and it gets served this time.
那该怎么做呢?
No one-fits-all solution here. I'd say choose a level of statelessness and go with that. Sessions may be loved by some and hated by others but they're not going anywhere. With every request, send as much information as makes sense, a bit more perhaps; but don't interpret statelessness as not having a session, nor as logging in every time. Somehow the server must know it's you; PHP session ids are one good way, manually generated tokens are another.
Think and decide - don't let design trends think for you.
Statelessness means that every HTTP request happens in complete isolation. When the client makes an HTTP request, it includes all the information necessary for the server to fulfill that request. The server never relies on information from previous requests. If that information was important, the client would have to send it again in subsequent request. Statelessness also brings new features. It’s easier to distribute a stateless application across load-balanced servers. A stateless application is also easy to cache.
实际上有两种状态。客户机上的应用程序状态和服务器上的资源状态。
web服务只需要在实际发出请求时关心应用程序的状态。其他时候,它甚至不知道你的存在。这意味着无论客户端何时发出请求,都必须包含服务器处理请求所需的所有应用程序状态。
每个客户机的资源状态都是相同的,它的适当位置在服务器上。当您将图片上传到服务器时,您创建了一个新资源:新图片有自己的URI,可以作为未来请求的目标。您可以通过HTTP协议获取、修改和删除该资源。
