My application is JavaScript and jQuery up front, PHP in the back. I'd like to implement a URL- or parameter-based session management system so my users can save/share their results. Most of the solutions I've seen involve cookies, but I want anyone (e.g. anyone my user gives a link to) to be able to open up exactly where the user left off.
Example:
User A goes to www.my.url and interacts with the page. Variables are set (mostly via jQuery) et al. User A then decides he wants to share what he sees with user B. He clicks a button and is issued a URL.
User B gets the link from user A and goes to www.my.url?session=[randomness] or www.my.url/?[randomness] (either would be okay). User B picks up exactly where User A pressed the button to issue the link. User B continues to interact with the page.
User A goes to the same URL and picks up where he pressed the button. He then interacts with the page. User A's and user B's sessions do not share anything and the actions of one do not have any bearing on the other - each "real" user session is strictly a sandbox again after the URL is passed and delivered.
User A and B both go to www.my.url (without a session identifier) and get the 'factory' startup as User C does.
Also none of these user actions have to (or probably will) happen concurrently. I can use file-based or mySQL for session (and content) serialization. Currently using CSV for 'factory' reference data (search base) and no need to jump to a DB.
Does anyone know of a practical all-up example here? Or a set of tutorials to help me get started? Is 'session management' really what I'm asking for or is it just serialization via URL(ish)? Is there a better way to search/ask for what I need?
Thank you, any help is appreciated here as this shareable aspect will be huge for my application.
Related
A short tutorial in W3schools about PHP Sessions writes the following:
When you work with an application, you open it, do some changes, and then you close it. This is much like a Session. The computer knows who you are. It knows when you start the application and when you end. But on the internet there is one problem: the web server does not know who you are or what you do, because the HTTP address doesn't maintain state.
Session variables solve this problem by storing user information to be used across multiple pages (e.g. username, favorite color, etc). By default, session variables last until the user closes the browser.
So; Session variables hold information about one single user, and are available to all pages in one application.
I would like to ask you if there is something similar in Zoho Creator. The reason why I am asking is because I have an application with 3 pages (each page has an embedded form). Each page redirects to the other (1st Page -> 2nd Page -> 3rd Page) and passes data through them via openurl. The final result is an HTML Page with the data of these 3 Pages (they have a unique ID).
Let's say that I am in the second page and for some reason (electricity blackout, do another job and close the browser) I want to escape from the application and the next time to continue from the same point, is there any way to do that??
I can suggest you next way
On first page generate unique session Id for the user and pass this id as a parameter to next page in URL. You can crypt in this id pointer to record from first form for example..
I am wondering if it's possible to have a user visit my website (Site A) and fill out a form that has first name, last name, email and a submit button. When the user hits submit, that information is emailed to me, but then the user is directed to this site https://my.charitywater.org/p/donate?campaign_id=34971#donation-info where there is a form that is asking for some of the same information.
I am wondering if any of that information that was gathered on my site (Site A) can be passed onto that Charity Water page and prepopulate those fields so that information does not have to be entered twice?
Thank you for your help!!!
There is no way for a website (A) to cause a browser to go to another (arbitrary) site (B) and pre-fill form controls on B with data from A.
Site B would have to be explicitly designed to make that possible.
You can't. At least if the website is one of your own you have some more tricks to play.
But I guess that is not the case so,
You might try to send the form for site (B) yourself. Look how the client side HTML/JavaScript sends the form and then try remaking that. Ask the visitor if he wants to participate on whatever its for and also send the data to site (B) if he wants to.
When doing this you shut do it server side because browsers don't like crossing diffident domains in a request form your HTML/JavaScript.
Now you can even just get the result page of website (B) and show it to the visitor.
This can be done by passing the values to the third party site via GET variables.
Please note that while this currently works, it is not standard and completely depends on the third party site. It is entirely possible that they modify their code and break your site, in which there is no standard way of reimplementing this.
https://my.charitywater.org/p/donate?campaign_id=34971&payment_amt=100&first_name=John&last_name=Smith&comment_tx=This%20is%20my%20comment#donation-info
I'm facing an architecture problem I didn't manage to solve. I'm developing a little game in PHP and Javascript, and I need to save the user's progress. Now, the problem is that PHP can't determine when the user wins the level: it's done in Javascript. Is there any way to save the user's progress when he wins a level?
For example, when the user wins level 1, he gains access to level 2. If he tries to access level 2 without having completed the previous level, he gets redirected to the last completed one. In my controller I was doing the following:
if (1 !== $id) {
if ($app['session']->get('last_level') !== ($id - 1)) {
// redirect the user
}
}
Now I need a way to store the last_level value into the session, an operation that can't be simulated by the user.
Any hints?
You're going to want to do the different last_level calculations on the server. That way the user can't hack around with the JavaScript, and submit something on a specially crafted form. So depending on what your storage system is (KV store, Database, Textfile, etc.), put that value in there, and retrieve it.
Ajax can help you out, but isn't necessary. It depends on how your game is set up. But if they complete the level, the server needs to be notified.
If a user completes a level and then stays on the same page doing additional work:
Then you'll probably want Ajax to send the new level info to the server as soon as the new level has been achieved. Thus:
Use cookies to store your php session id
From your Javascript client, use Ajax to invoke a php url on your server whenever the user wins a new level. Send the new level as a parameter. Can use POST or GET, doesn't matter.
The php program will receive the session id in the cookie, and the new level as a parameter. The php program will look up the user id from the session id, then store the new level the database.
Next time the main url of the php program is invoked, it will be able to look up the user's level.
If the user presses "Next" button to go onward to the next level:
Use Javascript, not Ajax, to change the POST parameters of the "Next" button.
You'd use POST, not GET, since seeing a url of foo.com/game?level=5 is a bit too obvious for people to cheat your game. POST will not show the level parameter in the url. More security: add a checksum parameter.
If any of the above is not clear, ask in comments or as a follow-up question.
If you're happy to take javascript's word for it that the level has been completed then just set a cookie from javascript.
an operation that can't be simulated by the user
Sorry - but if it's javascript which dtermines when they've completed the level then there's nothing to stop the user falsifying the results.
I’m working on a bookmarklet solution with similar functionality as Instapaper (bookmarklet functionality that is, not site functionality).
For my first bookmarklet version I sent the user to mysite.com/add.php?url=[url], which then did what I wanted to do (added url to the database, etc) in the backend as long as the user was logged on to my site since before (session kept alive using cookies). The user then had to press a back button to return to the original site. This worked as intended.
Now I want to let the user remain on the original site (as the instapaper bookmarklet does) while I do the backend stuff in the background, therefore:
- The bookmarklet now appends a javascript function to the original site
- The javascript uses a form and submits the URL to mysite.com/add.php with url as a variable (add.php is unchanged)
- I output status from add.php into an iframe that appears on the orignal site
This works so far that the url is sent to add.php, while the user remains on the original site, and the status is printed in the iframe I temporarily display on the original site.
However, from the scripts point of view the user no longer appears to be logged on, even if he/she is when mysite.com is accessed directly. I’m using this login system (http://www.evolt.org/node/60384).
Can you point me in the right direction? Let me know if you need more info.
Thanks
Since I get this to work in IE, but not in Firefox or Chrome, I'm leaning at the conclusion that it's due to the browsers security precautions, and that I won't get it to work by only using php session.
I've therefore come up with an alternative solution to what I want to achieve, that I want to run by you.
Please comment:
1) When a user register at my site, I create a random unique static identifier (RUSI) for that user (i.e. not the username or hashed pwd)
2) I append this RUSI to the bookmarklet code (meaning the bookmarklet can only be added while the user is logged in to my site)
3) When the user press the bookmarklet, my script checks what username the RUSI corresponds to, and checks if that username is in my active_user table (that consists of all logged in uers)
4) If the username exists in the active_user table, then the bookmarklet does what it supposed to do, otherwise i print "please login" or similar.
As said, please comment on this solution, as I have a hard time figuring out if this is a good or really bad approach. The obvious down side is of course that a user who finds out another users RUSI can execute the script on his/her behalf as long as he/she is logged in.
Thanks.
The current app I'm building is a collaboration app that holds several users in a "team" or company that can access a set of projects. Each project has it's own documents.
I want to protect team users from running in to each other and so I have built a system where documents are locked by the first user to access them. The document is then unlocked when any of the following occur:
The user closes the document
The user signs out and destroys his/her session
The user left without signing out but the session garbage collection unlocks the document
All this works well but one thing is left to fix...
I need to know when the user leaves a project without unlocking the document (basically just leaves the page), since he can walk in to another project and edit another document.
My only option I thought of so far is by catching the http referrer in my base controller class (CodeIgniter MVC) and do a search on the url to see if it matches a project... Then unlock the document.
This is not a strong option though since the http referrer variable is unpredictable.
What would you do? (The same user being in the same document in two windows is an issue that can be ignored)
One way around it would be using the window.onUnload Javascript event to signal back to the server the page is being left. It would be best to use AJAX on the current page to communicate since most browsers will block a pop-up these days.
Keep a reference to the document they're currently editing in your session, and then when a document is open, check and see if it's different? If so, unlock the previous one?