|
|
|
|
|
|
by BorRagnarok
2687 days ago
|
|
|
I've heard this "get requests shouldn't have side effects" argument before, but I don't think it works. At least, not for me, or I'm doing something wrong. For example: Let's implement authentication, where a user logs in to your api and receives a session id to send along with every api call for authentication. The session should automatically be invalidated after x hours of inactivity. How would you track that inactivity time, if you're not allowed to change state on get requests? |
|
|