PDA

View Full Version : Loading data store from protected url



predator
23 Mar 2010, 10:32 AM
Here is what I have already setup.

Project on local host using php (zf) as server technology. Already spent sometime building complex session authentication to protect the access to the controllers/actions.

I am calling the server to provide the data like this http://localhost/project/controller/getdata for example. Apparently as the ext designer app is not authenticated to access this url it trows an error.

Any clue on how can I authenticate the ext... I have seen some programs embedding a small browser app to deal with such a scenarios... for other is enough if you are already logged in with internet explorer.

The designer has some browser implementation in it probably... in order to make those data store calls. Can you give me some more information on the agent and the engine that is using.

Thanks

aconran
23 Mar 2010, 10:58 AM
It is using WebKit. We're looking into how we can add authentication support to it.

What type of auth are you using?

predator
23 Mar 2010, 4:28 PM
Authorization is as follows

1: form is displayed to the user (this is the only not extjs part)
2: data is send with post to the server
3: server validates the data with whatever is stored in mysql
4: if credentials are good, the instance of zend auth is using session + tracking cookie to store the identity for further use.

Also as the rest of my application is completely extjs... I had to figure out how to kill the interface in case the session has expired. This was a little bit tricky because even if I try to redirect the browser to the auth location... the ajax calls are thinking that the auth page is the server response to their data calls.
I solve this by making my server to send 401 code in case the session has expired and also create Ext.Ajax.on('requestexception', function(conn, response, options) {...} checking for 401 responds and redirecting the user to auth page.

I want to ask is this a good approach to solve expired sessions when the interface is already loaded or there is a better one?

Thanks

mid
24 Mar 2010, 11:12 AM
4: if credentials are good, the instance of zend auth is using session + tracking cookie to store the identity for further use.


AFAIK, there is not yet cookie tracking in the engine used in the Designer. That may be your problem.