REST client website login

I have written a REST service that uses WSSE as an authentication method but i want to be able to use this rest service through a browser by creating a website around the service. I want the user to be able to log in on the website then when they view, for example the "view users" page an ajax request is made to test.com/users and back comes the list.

The part i'm trying to get my head around is the logging in/out on the website and keeping the user logged in across pages. Since in a true REST implementation there's no state held on the server, i can't use $_SESSION and now i don't know where to start!

What is the best way to go about this? Do i still need开发者_开发知识库 to store session information on the server then possibly use cURL to make the request?

Thanks Jay

Why not use HTTP authentication? Once the client knows it needs to supply credentials, it will and for every request you will know who the user is from the request headers.

You can then tailor the response towards the particular user making the request.

Jan