In PHP, you manage the Session on the server... accessing any of the session properties there on the server along side your web application.
How does this translate to an iPhone App? If I'm connection to web services (PHP, ColdFusion), where should I be managing sessions? Or does it work differently in this scenario?
Assuming your PHP code use cookies to track the active session (as opposed to, say, a session id request parameter), NSURLConnection handles cookies for you without any extra work, and it should work the same way it does inside a browser.
Related
I am working on an PHP API application that will work an different domains (and hosted on different servers) that need to share user session. Let's say api.a.com and api.b.com.
Back end side, for me, storing session data using a session id key that can be fetch from multiple domain is the easy part.
My main concern is sending session id to both api.a.com and api.b.com. Native PHP session uses cookies to send session id for each request. Having different top level domain, the cookies will not be sent to all domains (unless I explicitly use Javascript to extract it and send it as a request header).
I thought about storing the session id inside the the Json Web Token data sent to the server, but somehow, it feels wrong.
Any thoughts on this?
Use a memcache server. PHP supports saving sessions in memcache.
With Amazon, I have a load balancer front with Linux instances, each connected to memcache.
Then I have a completely different EB application and domain that accesses the same memcache and pulls real time stats, so it's pretty easy to setup access to the same memcache server or cluster from different applications.
Note there's a difference between "memcache" and "memcached" -- either can be used, but they're different servers!
Use a memcache server. PHP supports saving sessions in memcache or mysql.
then use sessionid by http transport.
`
$sid = $_REQUEST['sid'];// receive sessionid
session_start();
session_id($sid); //reset current sessionid by $sid
var_dump($_SESSION["A_DOMAIN_SESSION"]);
var_dump($_SESSION["B_DOMAIN_SESSION"]);
?>`
I'm in a situation where I need to auto-auth users between an ASP.NET website and WordPress. The idea is once you're logged into the ASP.NET website and if you browse the WP pages your logged in automagically and vice versa.
In ASP.NET I can auth users against WP database but that's all I can think of, so the question is.
-How to enable this by-directional authentication scheme?
-Zubair
I had a similar problem, where I had an ASP.net application (third party) and a PHP application (built in-house). I have modified the ASP.net application with just a few lines of code, so that it worked like this:
User logs to the ASP.net application
The ASP.net application sets a session cookie (this is automatic)
Modification: the ASP.net adds a row to the database with the session ID (which is in the cookie) and the username
The PHP application reads the ASP.net session cookie and gets the session ID
The PHP application searches the DB for the session ID and if it is found, it automatically associates the session with the username found
I also added an expiry time for the sessions, to minimize impersonation possibilies...
There are two different server side scripts and it is hard to create by-directional authentication. Since WP uses cookies, you might try to authenticate users against cookies. creating a mechanism that check if there is valid WP cookies in users machine and then read from cookies to authenticate users.
Send cookies from PHP by SetCookie() method, then read cookies from ASP.Net by reading cookies collection(since the name of the cookie changes). then Decode url.. (in ASP.Net you wil get encrypted url. special caharacters are replaced by(#-->%23 , #--->%40 etc..)
My website works fine for web browsers that go to my login-protected API pages. However I am making an IOS program that needs to access the API (raw POST, not UIWEBVIEW), but I don't know how to:
A) give the iphone a session id, and
B) send that session id to the server to access the API pages.
I assume this is what needs to be done to access API pages that require a sesssion/cookie...
Note: I did not use any CI session library - made my own. CI stores the sessions in a file cache, not the db.
I have PHP application for offers. In this application when user log in I start new session and save him id in that way $_SESSION['id'] = $id. How can I use this variable in my iphone application. I think I can use cookies. But when I create cookie in the start of application how can I use value of this cookie in next screen. If you can give some start point, I'd be glad. I'm developing native application.
If you're using Apple's URL Loading System to access your web site, then you get cookie storage and handling for free with NSHTTPCookieStorage.
I'm developing a FLEX application which has a Java Server as back-end.
What I need:
-The FLEX app can only be used if the user it's logged;
-The FLEX app also needs to know which user it's logged, because it will shows especific content about him;
-I need to perform authentication on every webservice call;
However, the webpages are being developed using PHP, as well the login system.
After some digging, I've discovered that I can use the PHP session ID for authenticate every webservice calls, by using the php-java-bridge so both PHP and Java can share the same session.
My problem it's that I don't know how the FLEX app can get the current PHP session ID. I know that it's possible to pass it by flashvars, but I think it's not secure.
If someone has other solution, even not using the PHP session id, I'd really appreciate it.
Thanks in advance.
I see no benefit for Flex to access the PHP Session ID directly; are you sure that's what you need?
The SWF files that Flex creates are intended as client side software. Whereas PHP and Java are usually used as server side software. Try not to treat your Flex app as if it were a server side program.
The way most web applications handle sessions is that the server sets some cookie on the client. The browser automatically passes that cookie with every request; and the server uses that cookie value to sync the request up with a server side session.I know ColdFusion and Java work like this and I assume PHP uses a similar mechanism.
Every time that your SWF (AKA Flex App) makes a request to the remote server, the request will include all cookies set by the server, just like it is a normal browser request. The server should automatically sync the Flex request to a server side session.
Does that help?
you can have a php page that will be called by flex using httpService, return the $_SESSION['userName'] or your session variable. if returned empty. stop the loading of the program. hope it make sense. coz i did the same thing..