How to use php ArrayCachePool? - php

So I'm trying to use this library for caching. https://github.com/php-cache/array-adapter
This is the sample code from documentation.
$pool = new ArrayCachePool();
$item = $pool->getItem('key')->set('datakkk');
$pool->save($item);
dd($pool->get('key'));
I want to store the token for some 3 minutes and if that token expires I want to make an auth API call. If it is not expired it will call the whatever endpoint it has provided.
I have done most of the part just I'm stuck between how to cache the token.
Because it does get stored when I call the above code but it gets cleared for the next API call. Tried singletone pattern but it's not working. Any help would be appreciated.

ArrayCache does not store any data between requests. It is supposed to store data during single script execution. So, when your script ends - all data from ArrayCache is lost.
To store data between requests use another cache engine, not ArrayCache.

Related

use POST or GET when modifying SESSION data on php

We use POST requests when changing resources and GET when searching for resources on the server right ? I want to know exactly what do we mean with 'resources' ? is it only the data stored on the database ? Can we consider the SESSION as one of these resources ?
Let's say I'm working on a PHP server and want to modify a variable inside a session, or destroying the session for the client, without modifying anything in the database. Should i use a POST type request or a GET type request for that ?
The HTTP methods can exist without a database behind. This names GET, POST, ..., are made for the understanding of the client. So, if the method creates, modifies, or deletes something, use POST, PUT, or DELETE (respectively) to let the client know that something is being created, modified or deleted.
Application State vs Resource State
Application state is server-side data which servers store to identify incoming client requests, their previous interaction details, and current context information.
Resource state is the current state of a resource on a server at any point of time and it has nothing to do with the interaction between client and server.It is what you get as a response from the server as API response. You refer to it as resource representation.
From: https://restfulapi.net/statelessness/
As For which method to use for changing Application State(session):
GET Request Should be idempotent so we cannot update/create the session with GET method.
Use GET to Get Value of Session, POST to update session, PUT to create session and Delete to delete session

Losing Session when get request header is too long

I'm having a problem with my application.
I created a filter panel on which the users can select multiple parameters and then I pass them to a GET request that hits a function inside a controller that returns the results. All this is very basic stuff, I had no problem implementing this. But my application uses uuids and the request URI gets very long. That results to losing my current session, log out current user and Laravel to generate a new session token.
The URI is something like this:
www.domain.com/search?offer_category[]=892b06ac-6552-43ca-9fcd-ba65d4223e7d&offer_category[]=bc66fd8d-1ea9-4968-bee5-8ab9ab665446&offer_category[]=46907770-13d8-4ba1-be33-58f254624860&offer_category[]=6fd45d2b-8dc0-4d8e-a94c-1d3eab86eb0a&offer_type[]=62f23e8b-c22e-43f7-8bf6-8b393e81a1ca&offer_type[]=d33b2a38-50fe-4868-8cfc-9af9ef39d91e&order_by=duration_to&order_dir=asc
Why is this happening? Is there a max header character count for GET request? Can I get through this? I don't want to use a POST request, I don't think it's the right way to do a search.

Make multiple AJAX request using the same session

I have a REST webservice that returns an hash value based on the current http session. If I open the webservice page using a browser, I will see the same value refreshing the page or opening the page in multiple tab. This is the expected behavior because I'm using the same session on multiple request. If I do an AJAX request using the $http service of AngularJS, I obtain a different value each time. It seems that each request uses a different session. I need to obtain the same behavior like the browser request, multiple request that sharing the same session. Is it possible?
More info about server environment:
The server side REST webservice is powered by Laravel 4.2, there is a simple RESTful controller that return the hash code using this function:
public function getCsrf () {
return Response::json(array('csrf' => csrf_token()));
}
if I browse the webservice page using my browser I obtain always the same result (i.e. http://myservice.page/rest/csrf), If I do the same thing using ajax I obtain always different results.
I would do it on the server side: cache the hash value. If an ajax request comes in, I would determine if it is already associated with a map of session/hash value. return it if it exists.
You can also put the hash value in sessionSorage, and do some checking logic in angular httpInterceptor, but this is more fragile than backend

retrieving session via cross domain ajax

Background:
I'm developing a website tracker using javascript. Here's how it works:
1) A user visits any domain the tracker script is on "anydomain.com". The script makes a successful ajax call in the background to my master domain "masterdomain.com".
2) When "masterdomain.com" receives a request, the following PSEUDO code is run. It works by checking for an existing session and if one doesnt exist it creates a new one.
The first call appears to be fine because I am able to receive a session ID in a response. However, each successive call to "masterdomain.com" creates a new session. AKA the server doesn't find the "should be" existing session.
Sample PSEUDO Code:
if(session exists)
{
// update timestamp for session
}
else
{
// set a new session for visitor
}
// load template
api(array("accepted"=>session_id),callback);
Some Quick Facts:
1) This does not appear to be a same origin issue (as I am able to communicate with the server fine).
2) I have tried this with cookies/sessions both appear to not be working.
3) I am using codeigniter (sessions are set not to expire on page close). I have also tried using/not using database sessions).
This problem can also be solved if there is another way to uniquely identify a user each time a page loads on a server (not using IP).
Any help would be greatly appreciated as I'm about ready to tear the rest of my hair out of my head!!!! :(
This answer is incomplete in that you'll have to do some additional research, but the easiest way (which is not actually particularly 'easy') to do this is to use Javascript to place a hidden iframe to masterdomain.com, and set up iframe communication (e.g. using postMessage) to retrieve the session from that iframe to your page.
With AJAX calls you can only send/set session cookies if the URL you're calling is on the same domain as your calling script. I think you should create an iframe, call ajax from within and it should work fine. By the way, I have no idea what you are trying to track.

PHP - Specific scenario for storing login information

I'm making a PHP app to allow our customers to retrieve information from our database, using pre-defined functions. Perhaps PHP isn't the best choice for this, but the same page is also used as a backend for a flash app, and we don't have the time to rewrite it in another language (still, if we did have that time, I'm open to suggestions).
They will access the page via a URL, something like:
http://myurl.com/test.php?function=getUser&username=John
This will call the function getUser($username) and pass the value John as the $username parameter. Here's the twist: this page will be called from an application that the customer creates, not from a browser.
They are allowed to get info about some users, but not others. To enforce this, I require them to provide login information. I'm not sure how I can keep that user logged in so that they don't have to pass their login information every time they call a function, which can be multiple times per second.
I don't think I can use sessions or cookies, since they are not calling the page from a browser. So how can I keep that user logged in?
You can look into setting up something like a SOAP API on your end. Then, you can provide them with a token that goes back and forth (and possibly changes) between each request they make.
Have a read over SOAP and see if it gives you any inspiration at the very least. As far as implementing it, your options are many. Maybe consider using a framework?
You've hit the stateless wall :D .
You will either need to create a session aware browser client object with some library or some token exchange. But as long as you are using a separate session between calls you will need to hit the database again to authorize the user; token or not.
Simple answer: You can't, since HTTP is stateless.
But: You can use the same principle as cookies do, which is "send some authentification info along with the request without transmitting the secret". Have a look into OAuth and if it fits into your scenario. You can even use ready-made libraries for PHP.

Categories