RESTful web requests and user activity tracking websites

Someone asked me this question a couple of days ago, and I had no answer:

Because HTTP is a stateless protocol, when we open www.google.com, is it called a REST call?

What I think:

When we do a search on google.com, all information is transmitted through the cookie settings and URL. It looks like a stateless request. But the search results are independent of the user's previous request. Search results depend on user interest and behavior. Now this is not like a stateless request.

I know this is an old question and I read a lot of SO answers, for example "Why is HTTP a stateless protocol?", but I still don’t understand what happens when user activity is tracked on Google or Amazon (recommendations based on past purchases), or on other websites that make recommendations based on user actions.

Is it RESTful or RESTless?

What if I want to create a web application in which I use the REST architecture and still provide user-specific answers?

+8
rest stateless
3 answers

HTTP is stateless, but not at the application level of Google. Specific cookies and their meaning are part of the application layer.

Consider the same with TCP/IP. IP is a stateless protocol, but TCP is not. The existence of state in TCP, embedded in IP packets, does not mean that the IP protocol itself has state.

So does this make a REST call? No.

Despite the fact that HTTP does not have statelessness, and I suspect that for a www.google.com request with cookies disabled the results will be the same for each request, which makes it almost stateless (Google still probably tracks the IP for query frequency limits).

But the application layer is not stateless. One of the principles of REST is that the system does not save client state data between requests in order to change responses. In the case of Google, this is clearly not happening.

+7

You should probably start with Fielding's comments on cookies in his thesis, and then look at Fielding's further thoughts posted on rest-discuss.

My interpretation of Fielding’s ideas applied to this question: no, this is not REST. The search results change depending on the state of the cookie header in the request, which means that the presentation of the resource changes depending on the cookie, that is, part of the resource identifier is recorded in the cookie header.

Most cookie problems are related to visibility issues that affect caching and the mechanism of the hypertext application - Fielding, 2003

As it happens, caching does not seem to be a big priority for Google; the returned view included a private cache control header, which limits the participation of intermediate components.

+3
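
An added example, not part of the answers on this page: a toy shared cache showing the visibility problem the second answer describes, where a response that varies by cookie is stored by an intermediary and served to a different user, and how `Cache-Control: private` or `Vary: Cookie` prevents that. The origin, cache class, URL and cookie values are all constructed for illustration; the cache models only `private`/`no-store` and `Vary`, with exact-case header names.

```python
def parse_cache_control(value):
    """Return the set of lower-cased directive names in a Cache-Control value."""
    return {p.split("=", 1)[0].strip().lower() for p in value.split(",") if p.strip()}

def make_origin(response_headers):
    """Constructed origin whose body depends on the Cookie request header."""
    def origin(path, request_headers):
        user = request_headers.get("Cookie", "anonymous")
        return dict(response_headers), f"{path} results for [{user}]"
    return origin

class SharedCache:
    """Toy intermediary cache: honours private/no-store and Vary, nothing else."""
    def __init__(self, origin):
        self.origin = origin
        self.entries = {}  # path -> list of (vary_snapshot, headers, body)

    def get(self, path, request_headers):
        # A stored entry matches only if every header named in Vary is unchanged.
        for snapshot, _headers, body in self.entries.get(path, []):
            if all(request_headers.get(n) == v for n, v in snapshot.items()):
                return body, "HIT"
        headers, body = self.origin(path, request_headers)
        directives = parse_cache_control(headers.get("Cache-Control", ""))
        # A shared cache must not store responses marked private or no-store.
        if not directives & {"private", "no-store"}:
            names = [n.strip() for n in headers.get("Vary", "").split(",") if n.strip()]
            snapshot = {n: request_headers.get(n) for n in names}
            self.entries.setdefault(path, []).append((snapshot, headers, body))
        return body, "MISS"

def second_user_view(response_headers):
    """Alice requests first, then Bob; return what Bob receives and the cache status."""
    cache = SharedCache(make_origin(response_headers))
    cache.get("/search?q=rest", {"Cookie": "uid=alice"})  # constructed cookie value
    return cache.get("/search?q=rest", {"Cookie": "uid=bob"})

if __name__ == "__main__":
    for hdrs in ({"Cache-Control": "public, max-age=60"},
                 {"Cache-Control": "private, max-age=60"},
                 {"Cache-Control": "public, max-age=60", "Vary": "Cookie"}):
        print(hdrs, "->", second_user_view(hdrs))
```
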

It seems that the meaning of “statelessness” (hypothetically) goes beyond its practical expression.

Consider a web system without a database. You call the (RESTful) API, you always get exactly the same results. It is completely stateless ... But this is also not a real system.

A real system in almost every implementation contains data. Moreover, this data is the “resources” that the RESTful API allows us to access. Of course, data changes are also caused by API calls. So, if you get the value of a resource, change its value and then get its value again, you will get a different value than the first read; however, this clearly does not mean that the readings themselves were not stateless. They are stateless in the sense that they represent the same action (or, more precisely, a resource) for each call. To change the value of a resource, you must perform it manually using another RESTful API, which will then be reflected in the next call.

However, what happens if we have a resource that changes without a manual standard API verb? For example, suppose we have a resource that counts the number of calls to another resource. Or some other resource that is populated with some other data from third parties. Obviously, this is still a stateless protocol.

Moreover, in a sense, almost any system, say, any system that includes an authentication mechanism, responds differently to the same API calls, depending, for example, on user privileges. And yet, it is obvious that RESTful systems do not prohibit the authentication of their users ...

In short, stateless systems are void for this protocol. If Google tracks calls, so that if I call the same resource in the same session I get different answers, then it aborts the stateless requirement. But while the response returned is different due to application-level data and is not associated with the session, this requirement is not violated.

AFAIK, what Google does is not necessarily related to sessions. If the same user starts the same search under completely identical conditions (for example, IP, geographic location, OS, browser, etc.), they will receive the same answer. If a new identical search leads to different results due to what Google “recognized” in the last call, it is still stateless, because - again - this second call will produce the same result if it was done in another session but under the same conditions.

+3