Losing Session when get request header is too long - php

I'm having a problem with my application.
I created a filter panel on which the users can select multiple parameters and then I pass them to a GET request that hits a function inside a controller that returns the results. All this is very basic stuff, I had no problem implementing this. But my application uses uuids and the request URI gets very long. That results to losing my current session, log out current user and Laravel to generate a new session token.
The URI is something like this:
www.domain.com/search?offer_category[]=892b06ac-6552-43ca-9fcd-ba65d4223e7d&offer_category[]=bc66fd8d-1ea9-4968-bee5-8ab9ab665446&offer_category[]=46907770-13d8-4ba1-be33-58f254624860&offer_category[]=6fd45d2b-8dc0-4d8e-a94c-1d3eab86eb0a&offer_type[]=62f23e8b-c22e-43f7-8bf6-8b393e81a1ca&offer_type[]=d33b2a38-50fe-4868-8cfc-9af9ef39d91e&order_by=duration_to&order_dir=asc
Why is this happening? Is there a max header character count for GET request? Can I get through this? I don't want to use a POST request, I don't think it's the right way to do a search.

Related

How to use php ArrayCachePool?

So I'm trying to use this library for caching. https://github.com/php-cache/array-adapter
This is the sample code from documentation.
$pool = new ArrayCachePool();
$item = $pool->getItem('key')->set('datakkk');
$pool->save($item);
dd($pool->get('key'));
I want to store the token for some 3 minutes and if that token expires I want to make an auth API call. If it is not expired it will call the whatever endpoint it has provided.
I have done most of the part just I'm stuck between how to cache the token.
Because it does get stored when I call the above code but it gets cleared for the next API call. Tried singletone pattern but it's not working. Any help would be appreciated.
ArrayCache does not store any data between requests. It is supposed to store data during single script execution. So, when your script ends - all data from ArrayCache is lost.
To store data between requests use another cache engine, not ArrayCache.

GET vs POST when requesting data on button click?

I'm using Laravel 5.3.
Essentially, when a user clicks a button on the screen, I need to get data from the database (using AJAX), and then display that data on the screen.
However, I'm not sure if I should be using a GET or POST request? I've only ever used GET requests for routing when the user wants to get to a specific page, like a GET request for /index or /profile.
Which should I use?
There is a difference between GET & POST method in Laravel
GET is used when we want to get some data from the server and we do not send any parameter in request. And the security threat is not a concern, like you are opening a page on browser
POST is used when we want to send some parameter to the server and based on that parameter some processing is done. In laravel it is mandatory to include CSRF token wit the request for security concern.
So choose as per your requirement.
easy! Use GET when you're to getting data, and POST when you're posting data.
There are even more of these request methods (or verbs, if you like). For example a PUT request to edit data, DELETE request to delete data etc. However, these aren't supported in most browsers yet, but i know laravel has a clever workaround so you can use them anyway. check this links:
https://laravel.com/docs/5.3/routing
This is actually something of your own choosing. If the operation is a sensitive one you might consider using POST so that you can have protection over CROSS-SITE REQUEST FORGERY from attackers but if not so you can simply use GET
If you only want save data in database(no return data) so you should use POST. And whenever you want to get data from database so you should use GET.
Ex - If you want to insert a new user information in database so here you use GET method and if you want to edit existing user information and return updated information so you will use GET method.

REST application POST and redirect

usually after POST request need to be done redirect to new url (at least it's a right proactice to build obvious web applications).
What to do with RESTfull app after POST is received and completed ? Should I send to client 302 Header with new url ?
And another question related with REST approach: what about pagination, ordering and filtering the generic GRID ? I'm talking about usual javascript grids which has such functions like searching, sorting, filtering and paginating how it is applicable with REST approach (it is GET ?) ?
There is actually a dedicated status code to return after a resource-creating POST request: 201 Created. It is accompanied by a Location HTTP header which points to the newly reported response.
As to pagination, the usual approach is to define the subset of the data you want to retrieve with GET query parameters. For instance, to retrieve the first 50 entries of an employee list, the request could look like this:
GET /employees?entries=50
And the next 50 like so:
GET /employees?start=50&entries=50
and so on.

Zend Framework - Secure way to pass parameter from view to controller

I used Zend Framework for near 3 month and I'm searching for a method to pass parameters from the view to the controller in a secure way. I prefer to pass the parameters like $_POST method, but I don't want to use forms.
Is there any method to use in ZF? I only know the url() method but I don't know if this method is works well to passing important data to the controller.
HTTP is a stateless protocol and you can basically choose from four solutions to preserve information between requests (as this is, I think, what you are trying to do, isn't it):
Query string
Hidden elements in forms
Cookie
Session
Session would be the safest. In ZF you have Zend_Session component to help you with session managment.
As far as sending POSTs without form it is rather difficult. Have a look at: Zend Framework: How to POST data to some external page (e.g. external payment gate) without using form?. However, if you only want to sent POST data than you could do it in PHP using cURL.
I think you might be looking for Session variables.
You want to send something that can't be seen from URL into the next request, right? Session is ideal for that.
Update:
I read your question as:
"There is this variable in page, that somehow changes. I want the user to send it to the server, but it should not appear in the URL. But without using forms."
There is no way to initiate POST request (like let the user post a password or sth like that) from browser without forms or javascript axaj call. To send some data via POST you can use Zend_Http_Client(), but that's done server-side and you still need to make a GET request first.
May I ask you how would you implement it using GET? That would help us to understand what exactly you'd like to do.
And the last idea:
I'm searching for a method to pass
parameters from the view to the
controller in a secure way
JUST BEACUSE IT'S NOT IN URL IT'S NOT SECURE! :)
I think what you can use is a digest key
The method has nothing to do with security GET, POST, Cookies or Session a person on the client side can manipulate the params.
Example:
mywebsite.com/widget.php?id=1234&action=delete
A person can change the GET param id and delete whatever they want. Obviously, your controller should implement Auth and perhaps an ACL, for authentication and authorisation, but this still wont prevent URL tampering. For example, what's the stop Bob logging in and altering a URL to edit John's widget.
you generate a digest key by concating the params into a string:
1234+password = "1234password" then generate the MD5 of the result = d5b1ee4b463dc7db3b0eaaa0ea2cb5b4
pass this along the url.
mywebsite.com/widget.php?id=1234&action=delete&mac=d5b1ee4b463dc7db3b0eaaa0ea2cb5b4
inside widget.php you can use the same formula to calculate the digest key and check to see if it matches. If they attempt to change the id to say 4567 the MD5 result would be 09fef3620249f28ae64adc23bded949, so you can deny the request.
If you have more than 1 param on your URI, string them together, add the password and generate an MD5 or SHA1.

Passing Data From Initial XML Request To Subsequent Pages

`I am working with an API that sends back an XML response upon request. Here's a simplified example:
<buildings>
<building attr1="foo" attr2="bar">
<uri>http://blah.com</uri>
<thumbnail>http://blah.com/foo-picture.jpg</thumbnail>
</building>
<building attr1="poo" attr2="pee">
...
</building>
</buildings>
After I use $.get() to request the XML, I have to search through it to get the <building>s that have attr1="foo" for example.
After displaying this result set, each <building> has a link that sends the user to another page, let's say details.htm?id=fun There is only one 'page,' but the content changes depending on the id that is passed along in the URL.
Finally, the question:
I have to include Next and Previous links to navigate within the result set that I ended up with after searching through the original XML response.
If the result set was always guaranteed to be very small, I could pass it in the url, similar to
details.htm?id=fun&nextid=morefun&previd=lessfun
However, I have to account for the possibility of a very large result set.
Can anyone suggest a method for making the result set persistent while a user is navigating within it? The way I have it set up at the moment is that an array of result IDs is generated after the search is complete and the result set has been returned. Is there a way to make this array portable and (relatively) permanent?
Probably the easiest is to use PHP Sessions unless you want to make a pure ajax site.

Categories