In general, a client may receive data from a server in either of two ways. One way is for a browser (or other client-side application) to request new data from the server (often referred to as “pulling” data). Another way is for the server to send data to the client as the data becomes available (often referred to as “pushing” data).
Before consuming resources by sending data, however, a server may desire to understand what and/or who is requesting the data. Clients and users may be identified and validated through a variety of techniques, such as passwords, security tokens, and certificates. For state-cognizant protocols, the client or user is typically validated once, at the beginning of the session. For stateless protocols, however, the client or user may have to be validated for each client-server interaction.