1. #1
    jean_marie (Ext User, joined May 2009, 5 posts)

    PHP Session Handling and Ext.Direct


    Hi again,

    I have a question on PHP Session Handling.

    I have extended my Ext.Direct application (http://extjs.com/forum/showthread.php?t=69840) with session handling on the PHP backend side.

    The initial PHP script sets up the session:
    PHP Code:

    SessionControler::init($initialParams);

    After that all the UI stuff is loaded.

    Anytime later within the client a method is called that is provided via Ext.Direct. Then router.php (http://extjs.com/forum/showthread.php?t=68186) is called:
    PHP Code:

    if (false === SessionControler::resume())
    {
        // Error handling
    }

    // this should always be set, but if it's not, then execute api.php without outputting it
    if (!isset($_SESSION['ext-direct-state'])) {
        ob_start();
        include('coma_api.php');
        ob_end_clean();
    }

    $api = new ExtDirect_API();
    $api->setState($_SESSION['ext-direct-state']);

    $router = new ExtDirect_Router($api);
    $router->dispatch();
    $router->getResponse(true);

    Now my question: What should I do if the session could not be resumed (e.g. idle time-out)? In this case it's not allowed to deliver any results. The client needs to be informed that the session is no longer valid. How can I do this? I don't want to break the communication between the Ext.Direct PHP backend and the Ext client.


    Thanks in advance,
    Jean Marie

  2. #2
    leonardb (Ext User, joined Sep 2008, 23 posts)

    Session handling methodology with Ext.direct Questions

    Hi Jean Marie,

    Sorry to jump into your thread, but I had just finished writing a post to the forum on this specific problem and thought it better to add my questions to yours than start a whole new post.

    Leonard
    ---------------

    I'm just starting to work with Ext and am especially interested in using Ext.direct with an existing application backend.

    I'm trying to understand the 'best' way to handle session state with AJAX queries as Ext does not seem to have any 'set' way to do this.
    A base requirement would be the user not losing their 'position' or data view in the application.

    My thoughts so far are as follows:
    1. In server implementation of 'direct', before passing call to method, check session status
      • If valid session, allow call to pass through
      • If invalid session, and call is not to the registered 'login' method (whatever that is defined as in backend), return the correct 'type' of response (for form or normal direct request) with a standardized error type
    2. In the client (javascript) code, have 'some' method of intercepting the response from all Ext.direct queries and examining the result before returning data to caller
      • if the response contains matching error for matching query type, interrupt process and display the login dialog with whatever received message.
      • EG 'Your session has expired. Please log on and re-submit your request'
      • if the response contains error not matching the 'predefined' error for session issues, return data to calling method with no interruption
      • if the response contains no errors, return the data to the calling method with no interruption
    In a perfect world, when the user logs back in after the expired session dialog is displayed, the request would be automatically re-submitted.

    I'm interested to see if anyone has implemented something similar and can share, or if there are glaring holes in process/logic.

  3. #3
    jean_marie (Ext User, joined May 2009, 5 posts)


    That's fine by me.

    Best regards,
    Jean Marie

  4. #4
    aw1zard2 (Sencha User, joined Sep 2009, Dallas, Texas, 575 posts)


    Not sure if you have had these answered or not but here is a solution we are using for secure control over session time-outs and secure SSL code.

    Basically we use a poll to check with the server side every 10 seconds. This is not encrypted and just does a check and returns a simple "ok" back to the JavaScript.

    Our secure function does SSL encryption RSA on the client side, which works like this.

    We have our JSON data that needs to be sent encrypted with our public key, then embedded into a standard JSON-formatted message sent to the same server-side function. Our function can tell when it's an encrypted message because we use a keyword for the first 5 letters of unencrypted data.

    If the poll comes back without the "ok" text we do a MessageWindow about being logged out in 30 seconds. After those 30 seconds are up we clear all EXT components and default back to our EXT login page. We have a function that, if the timeout happens, also sends data to the server side to handle logout functions for this session and do the cleanup needed. Otherwise we just extend the session timeout in our db. We also have a cleanup session on our server side: if someone closes the window, we have a worker app that checks for a recent call from the JavaScript, and if it doesn't call then it cleans up the session. It checks sessions every minute for cleanup of sessions no longer valid.

    Hope this helps.


  5. #5
    maneljn (Sencha User, joined Feb 2010, 353 posts)


    jean_marie, try something like this:

    Code:
        if (!isset($_SESSION[_APP_INDEX_SESSION]["ExtDirectState"])) {
            $api = esibase_direct::getApi();
            esibase_direct::outputApi($api);
        } else {
            $api = new ExtDirect_API();
            // Load the API with the values we already saved in the session
            // the first time
            $api->setState($_SESSION[_APP_INDEX_SESSION]["ExtDirectState"]);
        }

        // Load the router for the Ext.Direct requests
        $router = new ExtDirect_Router($api);

        // Login check. Any Ext.Direct request is cancelled with requiereLogin = true if there is no open session.
        if (!esibase_sesiones::esSesionOk()) {
            $response = array(
                'type' => $router->data->type,
                'tid' => $router->data->tid,
                'action' => $router->data->action,
                'method' => $router->data->method,
                'result' => array(
                    'success' => false,
                    'requiereLogin' => true
                )
            );
            if (!$router->isForm) {
                header('Content-Type: text/javascript');
            }
            echo json_encode($response);
            exit();
        }

        // Run the Ext.Direct router dispatch
        $router->dispatch();
        $router->getResponse(true); // true to print the response immediately
        exit();
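
The client half of the flow outlined in post #2, reacting to the `requiereLogin` reply from post #5, as an added example that is not code from the thread or from Ext JS. `splitBySession`, `SessionGate`, `send` and `showLogin` are hypothetical names, and wiring them into the Ext.Direct provider is left to the application.

```javascript
// Added example, not code from the thread. The envelope fields (type, tid,
// action, method, result.success, result.requiereLogin) follow post #5;
// splitBySession, SessionGate, send and showLogin are hypothetical names.

// Constructed sample: a batched router reply where the second call was refused.
const SAMPLE_BATCH = [
  { type: 'rpc', tid: 7, action: 'Orders', method: 'list',
    result: { success: true, rows: [] } },
  { type: 'rpc', tid: 8, action: 'Orders', method: 'save',
    result: { success: false, requiereLogin: true } },
];

// Split a reply (one envelope or a batch) into envelopes that may reach their
// callbacks and envelopes the server refused because no session is open.
function splitBySession(reply) {
  const deliver = [], refused = [];
  for (const env of Array.isArray(reply) ? reply : [reply]) {
    const r = env && env.result;
    // Strict comparison: only the server's exact marker triggers re-login;
    // any other failure (success:false alone) goes back to the caller.
    const expired = !!r && r.success === false && r.requiereLogin === true;
    (expired ? refused : deliver).push(env);
  }
  return { deliver, refused };
}

// Wraps a transport. send(request) resolves to one envelope; showLogin()
// resolves once the user has re-authenticated against the server.
class SessionGate {
  constructor(send, showLogin, maxReplays = 1) {
    Object.assign(this, { send, showLogin, maxReplays, pendingLogin: null });
  }
  async call(request, attempt = 0) {
    const { deliver, refused } = splitBySession(await this.send(request));
    if (refused.length === 0) return deliver[0].result;
    // Bounded replay, so a server that keeps refusing cannot loop the client.
    if (attempt >= this.maxReplays) throw new Error('session still invalid');
    // Concurrent refused calls share one login dialog.
    if (!this.pendingLogin) {
      this.pendingLogin = this.showLogin()
        .finally(() => { this.pendingLogin = null; });
    }
    await this.pendingLogin;
    return this.call(request, attempt + 1); // re-submit the original request
  }
}
```

This only decides what the user sees; the session check in the router, before `dispatch()`, is what actually withholds results from an expired session.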