architect-handbook

Software Architect Handbook


Stateless protocol

Definition

A stateless protocol is a communication protocol in which the receiver must not retain session state from previous requests.

The sender transfers relevant session state to the receiver in such a way that every request can be understood in isolation, that is, without reference to session state from previous requests retained by the receiver.

Examples include the Internet Protocol (IP), the Hypertext Transfer Protocol (HTTP), and UDP.

Another way to define this is that the client is responsible for storing and handling the session-related information on its own side, as well as sending any state information to the server whenever it is needed.

There should not be any session affinity or sticky session between the client and the server.

Tradeoffs

Advantages

Stateless protocols improve:

Disadvantages

They may decrease network performance by increasing the repetitive data sent in a series of requests, since the data cannot be left on the server and reused.

Vs Stateful

In contrast, a stateful protocol is a communication protocol in which the receiver may retain session state from previous requests.

Examples include Transmission Control Protocol (TCP) and the File Transfer Protocol (FTP).

Stacking protocol layers

There can be complex interactions between stateful and stateless protocols among different protocol layers.

For example, HTTP (stateless) is layered on top of TCP (stateful), which is layered on top of IP (stateless), and so on.

HTTP & Session Management

The stacking of layers continues even above HTTP. As a workaround for the lack of a retained session state, HTTP servers implement various session management methods.

Typically, they use a session identifier in an HTTP cookie that references session state stored on the server, effectively creating a stateful protocol on top of HTTP.
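An added example (not part of the handbook) contrasting the cookie session identifier described above with the client-carried state from the Definition section, which any server instance can check without session affinity. The HMAC-signed token format, the class names and the shared key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

KEY = b"constructed-demo-key"  # assumption: one secret shared by every instance

class StatefulServer:
    """Cookie holds only a session id; the state lives in this instance's memory."""
    def __init__(self):
        self.sessions = {}
    def login(self, user):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = {"user": user}
        return sid
    def handle(self, sid):
        state = self.sessions.get(sid)
        return state["user"] if state else None

class StatelessServer:
    """Client carries the state; nothing is retained between requests."""
    @staticmethod
    def _mac(body):
        return base64.urlsafe_b64encode(hmac.new(KEY, body, hashlib.sha256).digest())
    def login(self, user, now, ttl=300):
        state = {"user": user, "exp": now + ttl}
        body = base64.urlsafe_b64encode(json.dumps(state).encode())
        return body + b"." + self._mac(body)
    def handle(self, token, now):
        body, _, tag = token.partition(b".")
        # Verify integrity before parsing: the client could have edited the state.
        if not hmac.compare_digest(tag, self._mac(body)):
            return None
        state = json.loads(base64.urlsafe_b64decode(body))
        return state["user"] if now < state["exp"] else None

def demo():
    a, b = StatefulServer(), StatefulServer()      # two instances, no shared store
    sid = a.login("alice")
    c, d = StatelessServer(), StatelessServer()
    tok = c.login("alice", now=1000)               # constructed timestamps
    edited = base64.urlsafe_b64encode(b'{"user": "admin", "exp": 9999}')
    tampered = edited + b"." + tok.split(b".")[1]  # old tag on modified state
    return {
        "stateful_same": a.handle(sid),            # "alice"
        "stateful_other": b.handle(sid),           # None: needs sticky sessions
        "stateless_other": d.handle(tok, now=1100),  # "alice" on any instance
        "tampered": d.handle(tampered, now=1100),  # None: MAC mismatch
        "expired": d.handle(tok, now=1301),        # None: past exp
    }

if __name__ == "__main__":
    print(demo())
```

The token is resent in full on every request, which is the repetitive-data cost listed under Disadvantages.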

HTTP cookies may be considered to violate the REST architectural style because, even without referencing session state stored on the server, they are independent of session state (they affect previous pages of the same website in the browser history) and they have no defined semantics.