I need to maintain session information between REST calls to an Apache server. Not having ever developed on the Apache platform I hope to find a package / module that can help facilitate session information and application security. Please target you answers for a newbie.
I am confused about how you could use Apache for this -- I always thought Apache either just serves static files, or runs scripts interpreted by other programs (Perl, PHP, etc). I've handled my stateful transactions using PHP (usually with cookies though that's technically not REST).
Doesn't doing things restfully make retaining session information server side dicey.
By definition it's supposed to be stateless.
Thought technically you can store state in the cookies (as long as its encrypted), it's not very restful.
Just my 2 cents.
With our restful web services calls we simply include the credentials in every call, using simple auth. When you think about it, this is actually pretty nice. It makes for an easy to understand api, and doesn't involve any gymnastics for authenticating, expiring a token, etc.
I'd also recommend you do all of this over https, since the password will be in clear text.