dpkrbe395930 2009-11-17 23:02

Authenticating and tracking users in a JSON web service

I have a contact management / CRM application used in-house by our company. It is a web-based app and thus uses a lot of Ajax. Most of the data is JSON, and the backend server uses PHP with MySQL as the database...

I would like to build a mini Adobe Air version of that, mostly because I can use Drag and Drop file uploads, client side image resizing, client side screenshot creation of uploaded files etc. etc.

Now, because the server side is a glorified JSON data provider, I figure I can adapt it to provide data to the AIR app.

My problem is, how do I handle authentication?
In PHP I use sessions for authentication...
For AIR I figure it will be more like a JSON web service, where you call a certain URL to access certain JSON data.

After a bit of brainstorming, here is what I came up with:

  1. The user logs in when the AIR app starts
  2. The server returns a unique token on successful login, and stores that token in the DB
  3. The AIR app has to append that token to every request it makes to the server
  4. On every request, the server checks the validity of the token by comparing it to the one stored in the DB.

The questions are,
is there a better way than this?
How long should the token be valid for?
How do I handle clients that close the application without logging out, and without giving me a chance to nullify the token on the server?

If anyone has been in a similar situation, I hope to be enlightened by your answers...

thanks


  • doushanmo7024 2009-11-17 23:09

    How about this:

    1. Simply return the PHP Session ID in your JSON data to the AIR app upon authentication.
    2. Your AIR app stores the Session ID and uses it for requests in that session.
    3. When your PHP receives a request with a Session ID, set it to that Session ID.
    4. Your session will be maintained easily by PHP and you will be able to use $_SESSION as per normal.

    When you receive a request with a Session ID, simply do this:

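    // Must run before session_start(), otherwise PHP starts a new session instead
    if(isset($_GET['sess_id'])){
      session_id($_GET['sess_id']);
      // where $_GET['sess_id'] is where you put the Session ID stored in your AIR APP
    }
    session_start(); // resume that session so $_SESSION is populated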
    

    This might be better because you drop the need to maintain Sessions in the database.

    This answer was selected as the best answer by the asker.
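The token scheme from the question, with the expiry handling it asks about, as an added example that is not part of the original question or answer. The table and function names, both timeout values, and the in-memory SQLite database standing in for MySQL are assumptions made for illustration (requires PHP 7.1+ with pdo_sqlite).

```php
<?php
// Added example: login tokens with server-side expiry. All names and limits are assumptions.
const IDLE_TIMEOUT = 1800;      // seconds without a request before the token dies
const ABSOLUTE_TIMEOUT = 43200; // hard cap on token age, even for an active client

function open_store(): PDO {
    $db = new PDO('sqlite::memory:'); // in-memory stand-in for the MySQL database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE api_tokens (token_hash TEXT PRIMARY KEY, user_id INTEGER,
               issued_at INTEGER, last_seen INTEGER)');
    return $db;
}

// Called after a successful login: returns the token the client must send back.
function issue_token(PDO $db, int $userId, int $now): string {
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, not guessable
    $db->prepare('INSERT INTO api_tokens VALUES (?, ?, ?, ?)')
       ->execute([hash('sha256', $token), $userId, $now, $now]);
    return $token;
}

// Called on every request: returns the user id, or null if the token is unknown or expired.
function check_token(PDO $db, string $token, int $now): ?int {
    $hash = hash('sha256', $token); // only the hash is stored, so a DB leak exposes no usable token
    $q = $db->prepare('SELECT user_id, issued_at, last_seen FROM api_tokens WHERE token_hash = ?');
    $q->execute([$hash]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    if ($now - $row['last_seen'] > IDLE_TIMEOUT || $now - $row['issued_at'] > ABSOLUTE_TIMEOUT) {
        // A client that quit without logging out ends up here; its token is purged lazily.
        $db->prepare('DELETE FROM api_tokens WHERE token_hash = ?')->execute([$hash]);
        return null;
    }
    $db->prepare('UPDATE api_tokens SET last_seen = ? WHERE token_hash = ?')->execute([$now, $hash]);
    return (int) $row['user_id'];
}

// Constructed walk-through with a fake clock instead of time().
$db = open_store();
$t = issue_token($db, 7, 1000);
var_dump(check_token($db, $t, 1600));                    // active client, idle timer restarts
var_dump(check_token($db, $t, 1600 + IDLE_TIMEOUT + 1)); // app was closed and never came back
var_dump(check_token($db, 'guess', 1600));               // token that was never issued
```

Because expiry is enforced on the server at lookup time, no logout call from the client is needed to invalidate an abandoned token.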
