Skip to main content

4.10. Handling Application State

4.10. Handling Application State

Applications using HTTP need to carefully consider how they handle state. HTTP is often described as "stateless", meaning that each request is independent and the server doesn't need to remember previous requests. However, many applications need some form of state management.

There are several ways to handle state in HTTP applications:

  • Client-side state: The client maintains state and includes it in each request. This is the most scalable approach but requires the client to manage the state.

  • Server-side state: The server maintains state about each client, typically identified by a session token. This is more convenient for the client but less scalable for the server.

  • Resource state: State is represented as resources that can be retrieved and modified using HTTP methods. This aligns well with REST principles.

Applications SHOULD prefer stateless designs where possible, as they tend to be more scalable and easier to deploy. When state is necessary, applications SHOULD:

  • Clearly specify how state is maintained and identified.

  • Consider using cookies [COOKIES] for session management, but be aware of their security and privacy implications.

  • Avoid keeping state on the server that could be maintained on the client.

  • Use authentication tokens rather than sessions where appropriate.

  • Design state management to work with intermediaries and caches.

Applications SHOULD NOT rely on features like TCP connection persistence to maintain state, as connections can be closed or multiplexed.

Last updated on