What is a stateless server?
As the name suggests, a stateless server keeps no state about the user between requests. When the user accesses a web resource, the server does not keep track of the user's identity or of the actions performed on the page, so the user has to prove their identity on every request to gain access.
It is easier to understand in contrast with a stateful server. A stateful server stores the user's state in the form of a session: profile, preferences and the user's actions, which it uses to give a personalized experience on the next visit. The user does not need to present credentials again for as long as the session is valid.
A stateless server, by contrast, treats each request as independent and demands the user's credentials (or a token standing in for them) every time. It needs no knowledge of previous interactions and stores no session information, so from the server's point of view there is no difference between the previous, current and next request.
Features of a stateless server:
Performance: The server does not have to maintain or synchronize any session data, so any instance can serve any request from any user. This helps achieve better response times and a smoother experience.
Design: Developers regard this as an advantage because stateless servers are easier to design and code: there is no session store to manage dynamically in the backend. Stateless authentication is the usual choice for web APIs designed in the REST (Representational State Transfer) style.
Data crash: Since no session data is stored on the server, a crash of one server has almost no impact on the availability of the web resource; the user simply recovers access by re-authenticating. Because any server can handle any request, requests can be routed to a different server each time, which leaves room for horizontal scaling.
Technology: Stateless servers identify users by a unique credential called a token. The token carries the essential information about the user, and the server grants access after receiving and checking it. The token is valid either for a fixed duration or until the user logs out of the resource, at which point it is destroyed. The tokens are protected by cryptography (the server signs them and verifies the signature on each request), a technology that is going to be a major driver of future security mechanisms.
How does a stateless server work?
The user visits a web page and the client-side interface, on detecting a user, responds with a credential window. The user enters a username and password and submits them for authentication. The server verifies the credentials against the database and gives the user access, issuing a unique token that proves the user's identity. On the next request the user presents the token to gain entry to the resource. This eliminates the need for the server to store session information.
Here, the responsibility for authentication lies with the user, who has to present the digital key to gain access, and with the database, which holds the information the key is matched against. The information is stored in the database, not in the server, so on every request the client has to present either its credentials or the token, and the server checks them each time rather than relying on an earlier request.
The common way to identify users is through a JSON Web Token (JWT) or an OAuth token stored on the client side. This way the server relies only on what the user sends with the new request and does not rely on information from an earlier request.
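The flow described above (login against the database, a signed token with an expiry, and per-request verification with no server-side session) and the token properties listed under "Technology" are illustrated by the following added example. It is not code from the original article: it builds a minimal HS256-signed JWT-style token with the standard library, using a constructed secret, a constructed in-memory user table and a fixed clock so the behaviour is reproducible. Both the secret and the user table are placeholders for a real secret store and credential database.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed demo secret (assumption): a real deployment loads it from a secret store.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"
# Constructed salt for the demo password hashes; real systems use a per-user random salt.
DEMO_SALT = b"constructed-demo-salt"


def _b64url(data: bytes) -> str:
    """base64url without padding, as used by JWT."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, subject: str, ttl_seconds: int, now: Optional[int] = None) -> str:
    """Issue a compact header.payload.signature token (HS256) with issue and expiry times."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "iat": now, "exp": now + ttl_seconds}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(secret: bytes, token: str, now: Optional[int] = None) -> dict:
    """Return the claims if signature and expiry check out; raise ValueError otherwise.
    Nothing here consults a session store: the token alone carries the state."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never let the token pick the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("token expired")
    return claims


def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000)


# Constructed in-memory "database" standing in for the credential store.
USERS = {"alice": _hash_password("correct horse")}


def login(username: str, password: str, now: int) -> Optional[str]:
    """Step 1: check credentials against the database and hand back a short-lived token."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, _hash_password(password)):
        return None
    return issue_token(SERVER_SECRET, username, ttl_seconds=900, now=now)


def handle_request(headers: dict, now: int) -> Tuple[int, str]:
    """Step 2: every later request is authenticated from the bearer token alone."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "missing token"
    try:
        claims = verify_token(SERVER_SECRET, auth[len("Bearer "):], now=now)
    except ValueError as exc:
        return 401, str(exc)
    return 200, f"hello {claims['sub']}"


if __name__ == "__main__":
    t0 = 1_700_000_000  # fixed clock for the demo
    token = login("alice", "correct horse", now=t0)
    print(handle_request({"Authorization": f"Bearer {token}"}, now=t0 + 60))    # (200, 'hello alice')
    print(handle_request({"Authorization": f"Bearer {token}"}, now=t0 + 3600))  # (401, 'token expired')
```

Because verify_token depends only on the secret, the token and the clock, any server instance holding the same secret can accept the token, which is exactly the horizontal-scaling property the article describes. The same property is the caveat: a token cannot be revoked server-side before its expiry without reintroducing some shared state (a denylist), so keep lifetimes short.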
Conclusion: So far we have covered the major know-how of the stateless model and its role in ensuring the security of the data. HTTP is known as a stateless protocol because it demands the user's identity on every visit. Hence, we can say that the stateless server is a modern aspect of web resources that matters all the more from a security perspective.