I'm developing a FLEX application which has a Java Server as back-end.
What I need:
-The FLEX app can only be used if the user it's logged;
-The FLEX app also needs to know which user it's logged, because it will shows especific content about him;
-I need to perform authentication on every webservice call;
However, the webpages are being developed using PHP, as well the login system.
After some digging, I've discovered that I can use the PHP session ID for authenticate every webservice calls, by using the php-java-bridge so both PHP and Java can share the same session.
My problem it's that I don't know how the FLEX app can get the current PHP session ID. I know that it's possible to pass it by flashvars, but I think it's not secure.
If someone has other solution, even not using the PHP session id, I'd really appreciate it.
Thanks in advance.
I see no benefit for Flex to access the PHP Session ID directly; are you sure that's what you need?
The SWF files that Flex creates are intended as client side software. Whereas PHP and Java are usually used as server side software. Try not to treat your Flex app as if it were a server side program.
The way most web applications handle sessions is that the server sets some cookie on the client. The browser automatically passes that cookie with every request; and the server uses that cookie value to sync the request up with a server side session.I know ColdFusion and Java work like this and I assume PHP uses a similar mechanism.
Every time that your SWF (AKA Flex App) makes a request to the remote server, the request will include all cookies set by the server, just like it is a normal browser request. The server should automatically sync the Flex request to a server side session.
Does that help?
you can have a php page that will be called by flex using httpService, return the $_SESSION['userName'] or your session variable. if returned empty. stop the loading of the program. hope it make sense. coz i did the same thing..
Related
I have created a login system running on XAMPP for a web app using php, html, materialise for css, and a tiny bit of javascript. The system consists of login, signup, and index pages. In addition, a database is implemented to store user data and app data in the future. If all form validation is verified, a user's sign up details are stored in the database, after which they can log in normally. If a user successfully logs in, a session is started using the start_session() and SESSION global variable of php. The index page indicates whether a session is currently in progress.
Once a session is in progress, I want to display the application contents (yet to be developed) on the index page where a user can practice their functionalities and log out when they want. I want to implement this logic using angular but I'm confused as to how I'm going to get angular to work with the php login system and the database that are running on xampp. I'm a beginner to angular (and development in general) but from what I understand it comes with it's own "server" so the application contents can be hosted locally. Does anyone have any idea how I can get the angular app working with my implementated database and php login system? Thanks in advance!
I am learning angular now a day but I think I can answer your question. By default angular serve your application on localhost:4200. This application would contain your UI and interaction logic. After the app gets loaded in the browser, your application would call PHP script as you would have normally called with HTML because now everything is on browser so you need not to bother about angular server.
However in angular, you should utilize angular services to make server request.
Your web architecture would look like this (think of apache in place of nginx)
I am working on a PHP website which is using the php_svn module to retrieve data from our SVN repositories.
For this I have set internally a hardcoded user/pwd so I can connect (dirty way...)
Now I would like to connect using my current LDAP user. Means that once I try to connect to SVN, then PHP should be able to retrieve my current windows session (the client side that executes IE,etc..) and pass it to SVN so it will still recognise me without prompting user/pwd...
Not sure if this is possible but would be brilliant to achieve it :)
Has someone achieved something similar? In the php_svn site not much information is available for this specific point...
http://php.net/manual/en/book.svn.php
Thanks in advance!
It seems like you're trying to get a web request to be session based. Web requests are stateless (meaning each request starts over from a blank slate). If you want to maintain credentials between requests, you'll need to use some kind of session handler. PHP has a built in one. http://php.net/manual/en/book.session.php
You won't be able to directly access the 'windows session' however. The information has to make its way from the windows session, into the browser, which isn't really possible without some kind of browser plugin... the more realistic way to do this is: have the user log in to the website, submit their credentials, then store them in a PHP session, to be re-used by PHP on every subsequent page load.
I'm not sure if this is even possible, but I figured this was a great place to ask the question.
I'm using http://simpletest.org/en/browser_documentation.html PHP WebBrowser to test a wordpress site. What I'm doing is setting the login credentials to access the wordpress backend. I run a couple of test, but my question is in certain situations I want to transfer the session that the "SimpleTest PHP Web Browser" has running to client's browser. Aka... my browser.
So in a since I"m transferring the session from the server side test browser to a normal client browser. This "client browser" is the same browser that is literally running the SimpleTest script to begin with.
I'm wondering if I can transfer the header & cookies associated with the "SimpleTest PHP Web Browser" to my browser. What I'm thinking is to pull the data out using the SimpleTest PHP Library and then set that information to the client browser using Javascript.
Is this even possible? I feel like I'm missing some basic understanding of server side session authentication which would make this impossible.
Any ideas? I'm really curious!
Did you look at the Authentication documentation for SimpleTest?
In PHP, you manage the Session on the server... accessing any of the session properties there on the server along side your web application.
How does this translate to an iPhone App? If I'm connection to web services (PHP, ColdFusion), where should I be managing sessions? Or does it work differently in this scenario?
Assuming your PHP code use cookies to track the active session (as opposed to, say, a session id request parameter), NSURLConnection handles cookies for you without any extra work, and it should work the same way it does inside a browser.
I have a client running an ASP.NET application. Inside of that, there's a self-contained PHP wiki. The problem is that the wiki won't use the .NET authentication, so requests directly to http://foobar/path/wiki/ will resolve without forcing a login.
My simple solution for this is to run the PHP application in an iFrame from an .aspx file that will force authentication, and then use PHP to detect if the page is loaded outside of a frame and redirect if so.
I know this can be done with JavaScript quite easily, but I would prefer to do this test server-side before the Wiki content loads. I need help figuring out a way that this can be done. Referrer comparison perhaps?
Any suggestions?
Thanks!
There is no way to tell on the server-side if a client's browser is loading a page within a frame, tab, or dedicated window.
What you can do is have your .NET application set a cookie after authenticating that the PHP application will read. If the cookie doesn't exist then do a redirect to the authentication page.
Even with JavaScript this is not secure. One could simply request the Wiki pages and ignore the JavaScript. For example, I could use WGET to pull down all your content without ever authenticating.
If security is important, I would highly recommend figuring out a way to make the PHP app aware of the authentication.
The simplest approach, if this is all on one server, would be to have the .NET application store some sort of token after authenticating, somewhere PHP can access it. Then set a cookie that the PHP wiki will receive and check that value is a valid session for each request.