OpenID Libraries should be stateless
Wichert Akkerman
wichert at wiggy.net
Tue Feb 5 03:34:30 PST 2008
Previously Josh Hoyt wrote:
> You can get around the double-discovery in many cases by adding a
> signed encoding of the discovered information to the return_to URL in
> the request. Previous versions of these libraries included this trick,
> but it's rare these days for a dynamic application to not have a
> session.
There is a good reason not to rely on server-side state: keeping session
state is a big issue for large sites which balance traffic over multiple
application servers. Any way to avoid server state is a good thing,
especially if that data is not read-only.
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
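
The signed return_to trick mentioned in the quoted message, sketched as an added example (not code from this thread or from any OpenID library). The function names, the `disc`/`sig` parameter names, the JSON encoding, the key and the 300-second lifetime are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlencode, urlparse, parse_qs

SECRET = b"constructed-demo-key"  # assumption: one key shared by all app servers
MAX_AGE = 300                     # assumption: seconds a signed blob stays valid

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def build_return_to(base_url, discovered, now=None):
    """Append the discovered info, timestamped and HMAC-signed, to return_to."""
    body = dict(discovered, ts=int(time.time() if now is None else now))
    payload = json.dumps(body, sort_keys=True).encode()
    query = urlencode({"disc": _b64(payload), "sig": _b64(_mac(payload))})
    sep = "&" if urlparse(base_url).query else "?"
    return f"{base_url}{sep}{query}"

def recover_discovery(return_to_url, now=None):
    """Return the discovered info, or None if it is missing, forged or stale."""
    params = parse_qs(urlparse(return_to_url).query)
    try:
        payload = _unb64(params["disc"][0])
        sig = _unb64(params["sig"][0])
    except (KeyError, ValueError):  # absent parameter or malformed base64
        return None
    # Verify the MAC in constant time before parsing the payload at all.
    if not hmac.compare_digest(sig, _mac(payload)):
        return None
    body = json.loads(payload)
    now = time.time() if now is None else now
    if not 0 <= now - body.pop("ts") <= MAX_AGE:
        return None
    return body
```

Any application server holding the key can validate the blob, so no session lookup is needed to recover what discovery found. The recovered values still have to be compared against the identifier and endpoint in the provider's response.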