I am building a REST API and I am in a login dilemma. What should happen on a subsequent login request once I have already loggedIn and before I SignOut?

So to simplify, I do this:

1st Login Request - Response has an auth_token
2nd Login Request before logging out - what should be the response? Should it be the same auth_token, or should a new auth_token be generated?
REST should be stateless; there is no "login" or "logout", at least not one that the server tracks. Therefore, nothing should actually happen: the user/client should always authenticate on each request.
This of course does not mean that you cannot cache credentials, but the communication should be stateless nonetheless.
If you are doing HTTP-based authentication, you do not actually have to worry about this; the client will always send the authentication information automatically.
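As an added illustration of the stateless model described in this answer (this is example code written for this page, not the answerer's own code), the sketch below authenticates every request from scratch, either from an HTTP Basic header or from a self-contained HMAC-signed bearer token. The server keeps no login/logout state at all: a second login simply mints another token, and the first one stays valid until its own expiry. The SERVER_SECRET, the USERS table and the password-hashing scheme are constructed assumptions for the demo, not a recommendation (a real service would use a proper password KDF and manage the signing key separately).

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional

# Assumed for this example only: a server-side signing secret and a tiny user
# table of (salt, sha256(salt + password)) pairs. Real code would use a
# dedicated password KDF (argon2/bcrypt/scrypt) and a managed key.
SERVER_SECRET = b"example-secret-do-not-use"
USERS = {
    "alice": ("salt1", hashlib.sha256(b"salt1" + b"correct horse").hexdigest()),
}

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def check_password(username: str, password: str) -> bool:
    """Verify a password against the demo table using a constant-time compare."""
    entry = USERS.get(username)
    if entry is None:
        return False
    salt, digest = entry
    candidate = hashlib.sha256(salt.encode() + password.encode()).hexdigest()
    return hmac.compare_digest(candidate, digest)

def _sign(payload: str) -> str:
    return _b64url_encode(hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).digest())

def login(username: str, password: str, now: Optional[int] = None, ttl: int = 3600) -> Optional[str]:
    """Issue a signed, self-describing token ("<payload>.<signature>").

    Nothing is recorded server-side, so calling login() twice just produces two
    independent tokens; neither call invalidates the other.
    """
    if not check_password(username, password):
        return None
    now = int(time.time()) if now is None else now
    payload = _b64url_encode(json.dumps({"sub": username, "exp": now + ttl}).encode())
    return f"{payload}.{_sign(payload)}"

def verify_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Check signature and expiry; return the subject or None. No session lookup."""
    try:
        payload, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(_sign(payload), sig):
        return None
    claims = json.loads(_b64url_decode(payload))
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")

def basic_auth_header(username: str, password: str) -> str:
    """Build the Authorization header a client sends for HTTP Basic auth."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def authenticate_request(headers: Dict[str, str], now: Optional[int] = None) -> Optional[str]:
    """Run on every request. Accepts HTTP Basic (credentials resent each time)
    or a Bearer token; neither path consults any login/logout state."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme == "Basic":
        try:
            user, _, pw = base64.b64decode(value).decode().partition(":")
        except (ValueError, UnicodeDecodeError):
            return None
        return user if check_password(user, pw) else None
    if scheme == "Bearer":
        return verify_token(value, now)
    return None

if __name__ == "__main__":
    t1 = login("alice", "correct horse", now=1000)
    t2 = login("alice", "correct horse", now=1001)   # second login: a new, unrelated token
    print("both tokens valid:", verify_token(t1, now=1500), verify_token(t2, now=1500))
    print("basic auth per request:", authenticate_request({"Authorization": basic_auth_header("alice", "correct horse")}))
```

The point to take from the two login() calls is that "same token or new token" stops being a server-side question once the token is self-verifying: the answer is simply whatever is convenient for the client, because the server does not track which tokens exist. If you do need to revoke tokens before expiry, that reintroduces server-side state (a denylist or a per-user key version), which is exactly the trade-off the answer above is warning about.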