Managing sessions with Sencha Touch and Rails



jimbomt
12 Sep 2011, 12:16 AM
Hi,
We are currently developing a mobile app with the following setup:
- a set of Rails controllers which provide data in JSON format
- a Sencha Touch app that uses the Rails controllers to fetch this data

The application should manage sessions and also additional information similar to a cart object. What we are not sure about is how to best handle the session, and we are wondering whether there are any recommendations.

So far, our thinking is to save the session object on the Rails app and always send a session id when the Sencha Touch app is requesting data from it. In this way all data is managed by the Rails app. Any other ideas/suggestions?

cheers,
James

rossmurphy
20 Feb 2012, 7:34 PM
Anyone had experience with sessions etc?

Shridutta
21 Nov 2012, 11:15 PM
We are using REST services where the session is timed for 30 minutes by default, and mobile too needs to have a sliding session. Unfortunately I did not find any session management module/class by Sencha, hence I used local storage to record the login time and last action time (recorded from my navigation method before loading views). Upon every next navigation I measure the gap between two navigations; if it is more than 30 minutes (it means the user was not active for the last 30 minutes), I push the user to login rather than the desired screen. See sample below.

// Create the local store in the launch method
launch: function () {
    var b = Ext.create("Ext.data.Store", { model: "userinfo", storeId: "logindetails" });
    b.load();

    // More launcher code comes here
}

// Create a store entry on login and clean out the old entry
login: function (userName, pwd) {
    var userInfoStore = Ext.create('Ext.data.Store', {
        model: "userinfo"
    });
    userInfoStore.load();      // read the existing records before removing them
    userInfoStore.removeAll(); // remove the old login recordings
    userInfoStore.add({ logintime: new Date().getTime() }); // record this login
    userInfoStore.sync();
}

// Check whether the session is still alive in the navigation method, using a method like the one below
verifySession: function (fromPage, nextView) {
    if (fromPage != '') {
        Ext.getCmp(fromPage).destroy();
    }
    var userInfoStore = Ext.create('Ext.data.Store', {
        model: "userinfo",
        storeId: "storename"
    });

    userInfoStore.load();
    var d = new Date();
    // 1800000 ms = 30 minutes; send the user to the login view once that much time has passed
    if (userInfoStore.getCount() > 0 && (d.getTime() - userInfoStore.getAt(0).get('logintime')) > 1800000) {
        nextView = Ext.create('twmsMobile.view.twmslogin');
    }
    Ext.Viewport.add(nextView);
}

agamil
25 Sep 2013, 5:21 AM
I don't think this solution is secure. The authentication needs to be handled on the server or an attacker could network sniff the communication to find out the URL and then direct their browser to the URL bypassing the login screen.
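
The server-side check that the last reply calls for, as an added example that is not part of the thread: a framework-independent Ruby sketch of a 30-minute sliding session enforced on every JSON request. The class and method names are hypothetical, and the in-memory hash stands in for whatever session store the Rails app uses.

```ruby
require "securerandom"
require "digest"

# Server-side session table with a sliding idle timeout (hypothetical names).
# A Rails controller would call `touch` from a before_action and answer
# 401 Unauthorized when it returns nil, whatever the client's local clock says.
class SlidingSessionStore
  IDLE_TIMEOUT = 30 * 60 # seconds: the 30-minute window discussed in the thread

  def initialize(clock: -> { Time.now.to_i })
    @clock = clock       # injectable so the timeout can be tested
    @sessions = {}       # SHA-256(token) => { user:, last_seen: }
  end

  # Call only after the server has verified the credentials.
  def create(user)
    token = SecureRandom.urlsafe_base64(32) # unguessable session id
    @sessions[digest(token)] = { user: user, last_seen: @clock.call }
    token
  end

  # Call on every data request. Returns the user, or nil when the token is
  # unknown or has been idle too long. A valid request slides the window.
  def touch(token)
    key = digest(token.to_s)
    entry = @sessions[key]
    return nil unless entry

    now = @clock.call
    if now - entry[:last_seen] > IDLE_TIMEOUT
      @sessions.delete(key) # expired: the token can never be revived
      return nil
    end
    entry[:last_seen] = now
    entry[:user]
  end

  # Logout: drop the session so the token stops working immediately.
  def destroy(token)
    @sessions.delete(digest(token.to_s))
    nil
  end

  private

  # Only a hash of the token is kept, so a leaked table does not leak usable ids.
  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end
```

With this in place the local-storage timer in the Sencha Touch app only decides which view to show; a request that skips the login screen still gets no data without a live token.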