
REST and Stateless Session IDs - gulbrandr
http://appsandsecurity.blogspot.com/2011/04/rest-and-stateless-session-ids.html
======
ericmoritz
I'm sure I'll get flack for this but isn't a session cookie passed with every
request essentially the same as passing an Auth header with every request? In
either case HTTP is still stateless.

