Which statement about REST and request handling is true?

• A. Requests should rely on per-client server-side session state
• B. The server must maintain session state for each client
• C. Requests should be stateless
• D. Endpoints must be deprecated over time

Answer: (C)

Requests should be stateless. In REST, the server does not keep information about a client between requests. Each request carries all the data needed to understand and process it—authentication details, parameters, and any state required to complete the action—so the server treats every request independently. This makes the system easier to scale, since any server can handle any request, and it improves caching and load balancing because responses depend only on the specific request received. For authentication, clients typically present a token with each request, and the server validates it without storing per-client session data.

Relying on per-client server-side session state would mean the server has to remember past interactions, which breaks statelessness and undermines scalability. The notion that the server must maintain session state for each client is therefore not aligned with REST. Deprecating endpoints over time is a maintenance choice, not a REST requirement.