My website works fine for web browsers that go to my login-protected API pages. However I am making an IOS program that needs to access the API (raw POST, not UIWEBVIEW), but I don't know how to:
A) give the iphone a session id, and
B) send that session id to the server to access the API pages.
I assume this is what needs to be done to access API pages that require a sesssion/cookie...
Note: I did not use any CI session library - made my own. CI stores the sessions in a file cache, not the db.
Related
I'm upgrading a Cordova iOS 5.1.1 application (written still in jQuery) to iOS 6.1.1 platform as Apple rejects apps that still use UIWebView. I find the migration quite tough as my app is using loading JS files via Ajax, storing data in localStorage and storing PHP Session cookies and all of this data must be reachable now as well.
I have added cordova-plugin-migrate-localstorage plugin to migrate the localstorage data that UIWebView was using and it works fine. However, I cannot seem to find / implement a solution how to save cookies, especially PHP Session ID as it's mandatory that it doesn't change for each request, because PHP backend returns data depending on the SESSION data.
I've tried most of the plugins that were mentioned, for instance cordova-plugin-cookie-sync, cordova-plugin-cookie-inject etc. but none seem to work and store the Session ID.
Unfortunately I can only test the app in the simulator as none of my devices has i so I'm also wondering if there is a solution that doesn't demand having a physical device?
Am I doing a mistake and should stay on iOS 5.1.1 platform and just add wkWebView? I tried to play around a bit and just add the wkWebView Engine to it but it doesn't seem to know how to load local JS files.
I'm in a situation where I need to auto-auth users between an ASP.NET website and WordPress. The idea is once you're logged into the ASP.NET website and if you browse the WP pages your logged in automagically and vice versa.
In ASP.NET I can auth users against WP database but that's all I can think of, so the question is.
-How to enable this by-directional authentication scheme?
-Zubair
I had a similar problem, where I had an ASP.net application (third party) and a PHP application (built in-house). I have modified the ASP.net application with just a few lines of code, so that it worked like this:
User logs to the ASP.net application
The ASP.net application sets a session cookie (this is automatic)
Modification: the ASP.net adds a row to the database with the session ID (which is in the cookie) and the username
The PHP application reads the ASP.net session cookie and gets the session ID
The PHP application searches the DB for the session ID and if it is found, it automatically associates the session with the username found
I also added an expiry time for the sessions, to minimize impersonation possibilies...
There are two different server side scripts and it is hard to create by-directional authentication. Since WP uses cookies, you might try to authenticate users against cookies. creating a mechanism that check if there is valid WP cookies in users machine and then read from cookies to authenticate users.
Send cookies from PHP by SetCookie() method, then read cookies from ASP.Net by reading cookies collection(since the name of the cookie changes). then Decode url.. (in ASP.Net you wil get encrypted url. special caharacters are replaced by(#-->%23 , #--->%40 etc..)
We're working on a website for a client and we are developing the front-end products website using PHP, and there is a subdomain called "store" for the online ordering functionality. But the store sub-domain is built with .net.
How can I keep the user logged in when they go to the store? Both the front-end and the store are using the same authentication service so that's not an issue. But I don't have experience with .net so I can figure out which are the session cookie values. So I would set them to be domain-specific and it would work.
I would store sessions in database and both instances would user the same database for reading session data by session ID read from the shared cookie between www.site.com and store.site.com.
Either store information about login on the server somewhere.
Or you can just add a cookie to the user's browser and read that in both placed.
I'm writing a JQM web app with a PHP web service. Users will be able to sign-in and register that they've made a purchase of, for instance, a soda from the club. This info will be stored in a database and eventually billed.
To illustrate what I want to do: I have already implemented this as an Android app. My "session handling" in the Android app consists of simply storing the user's credentials in Android's savedPeferences (persistent local storage) upon succesful authentication with the server. These credentials are then resent with every subsequent server request so that users only ever have to sign-in once - upon running the app for the first time.
I want to mimic this behavior in my JQM app as closely as possible. Ideally, the user should only ever have to sign in once unless they choose log out.
I'm a bit rusty when it comes to website programming, so what would be the best approach? Non-expiring cookings? Do I use a PHP session or handle everything in javascript?
This is for a hobby project; I prefer a simple solution over something overly secure and complex. Thanks!
Edit: After reading Mike's answer I stumbled across this plugin: https://github.com/carhartl/jquery-cookie
Perhaps this is the easiest way to keep users logged in..?
PHP sessions are going to be invalidated after a set amount of time (depending on your php.ini settings or any runtime modificatoins to the settings).
You can use long-time expiring cookies to persist a login (typically user is given checkbox at login to allow their login credential to be stored).
Since you are developing for a mobile device, you do also have the alternative of using HTML5 local storage since most every Android browser out there supports it. See more info at the link below.
HTML5 Local storage info
I prefer this as the login hash could be persisted even if the user clears their browser cookies and it can be handled strictly within Javascript.
In PHP, you manage the Session on the server... accessing any of the session properties there on the server along side your web application.
How does this translate to an iPhone App? If I'm connection to web services (PHP, ColdFusion), where should I be managing sessions? Or does it work differently in this scenario?
Assuming your PHP code use cookies to track the active session (as opposed to, say, a session id request parameter), NSURLConnection handles cookies for you without any extra work, and it should work the same way it does inside a browser.