I am building a type of messaging api in spring and I am curious whether I should be using Client Session State or Database Session State? I know that each has it pros and drawbacks, but which is typically used? Is it right or wrong to use one or the other for a rest api or is it simply a series of trade offs?
Both options are certainly viable, and just depend on how you want the implementation. A client-side session may be easier to get up and running quickly and reduce query latency, however it may also be insecure without serious thought put into encryption. Client-side is also harder to scale, however this may not be an issue if this is a small personal project. I personally am using server-side sessions in my current REST API, because authentication was easier and I wanted the scalability.
Source: http://www.rodsonluo.com/client-session-vs-server-session