Yii Framework Forum: Web services and authenticated sessions - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Web services and authenticated sessions Rate Topic: -----

#1 User is offline   tombrown 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 19
  • Joined: 17-March 09

Posted 09 February 2010 - 09:02 AM

Having some trouble getting this working. I'm not sure if my problem is yii based or not.

I want to allow SOAP users to authenticate themselves. But I can't get sessions working correctly.

The SOAP server code is set up to login (as usual) using UserIdentity etc and my client is able to get the PHPSESSID from the response.

But, for some reason, the logged in session is not maintained when the client makes its next request.

(Even though it is passing in the PHPSESSID as a cookie).


Has anyone ran into this?
0

#2 User is offline   tri 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 1,651
  • Joined: 20-November 08
  • Location:Stockholm, Sweden

Posted 09 February 2010 - 09:36 AM

View Posttombrown, on 09 February 2010 - 09:02 AM, said:

Having some trouble getting this working. I'm not sure if my problem is yii based or not.

I want to allow SOAP users to authenticate themselves. But I can't get sessions working correctly.

The SOAP server code is set up to login (as usual) using UserIdentity etc and my client is able to get the PHPSESSID from the response.

But, for some reason, the logged in session is not maintained when the client makes its next request.

(Even though it is passing in the PHPSESSID as a cookie).


Has anyone ran into this?


Did you check out how the phonebook demo implements IWebServiceProvider?
class SiteController extends CController implements IWebServiceProvider
...
public function beforeWebMethod($service)
{
  $safeMethods=array(
    'login',
    'getContacts',
  );
  $pattern='/^('.implode('|',$safeMethods).')$/i';
  if(!Yii::app()->user->isGuest || preg_match($pattern,$service->methodName))
    return true;
  else
    throw new CException('Login required.');
}

public function afterWebMethod($service)
{
}
...

Worked for me. Not sure this will solve your problem, though.

/Tommy
Don't forget to read The Definitive Guide to Yii (en) (sv) | The class reference has the details
1

#3 User is offline   tombrown 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 19
  • Joined: 17-March 09

Posted 09 February 2010 - 11:53 AM

Nope, I have something similar in my code.

I have a filter which loads the user object into the controller class if they are logged in. My beforeWebMethod method checks to see if this obj was loaded successfully and denies access if not, unless they are accessing the getAuthentication method.. If the session was maintained, the user obj would be created. I will change this user object check to Yii::app()->user->isGuest for clarity, but unfortunately this doesn't fix the problem :(.

Surely PHPSESSID is all my client needs to pass back in order for the PHP server code to reestablish the session? Am I missing something here?

I have a feeling that the server side code may not be at fault here, since few people have suggestions for me :). But I might be wrong.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users