As per the REST (REpresentational “State” Transfer) architecture, the server does not store any state about the client session on the server-side. This restriction is called Statelessness.
Each request from the client to the server must contain all of the necessary information to understand the request. The server cannot take advantage of any stored context on the server.
The application’s session state is therefore kept entirely on the client. The client is responsible for storing and handling the session related information on its own side.
This also means that the client is responsible for sending any state information to the server whenever it is needed. There should not be any session affinity or sticky session between the client and the server.
Statelessness means that every HTTP request happens in complete isolation. When the client makes an HTTP request, it includes all information necessary for the server to fulfill the request.
The server never relies on information from previous requests from the client. If any such information is important then the client will send that as part of the current request.
To enable clients to access these stateless APIs, it is necessary that servers also should include every piece of information that the client may need to create/maintain the state on its side.
For becoming stateless, do not store even authentication/authorization details of the client. Provide authentication credentials with each request.
Thus each request MUST be stand alone and should not be affected by the previous conversation that happened with the same client in past.
2. Application State vs Resource State
It is important to understand the between the application state and the resource state. Both are completely different things.
Application state is server-side data that servers store to identify incoming client requests, their previous interaction details, and current context information.
Resource state is the current state of a resource on a server at any point in time – and it has nothing to do with the interaction between client and server. It is what we get as a response from the server as the API response. We refer to it as resource representation.
REST statelessness means being free from the application state.
3. Advantages of Stateless APIs
There are some very noticeable advantages of having REST APIs stateless.
- Statelessness helps in scaling the APIs to millions of concurrent users by deploying it to multiple servers. Any server can handle any request because there is no session related dependency.
- Being stateless makes REST APIs less complex – by removing all server-side state synchronization logic.
- A stateless API is also easy to cache as well. Specific softwares can decide whether or not to cache the result of an HTTP request just by looking at that one request. There’s no nagging uncertainty that state from a previous request might affect the cacheability of this one. It improves the performance of applications.
- The server never loses track of “where” each client is in the application because the client sends all necessary information with each request.
Reference: Roy T. Fielding on Stateless