View Full Version : Login Form and PHP SESSION



gskluzacek
19 Nov 2010, 4:02 PM
I'm building an Ext JS application and need to authenticate my users... what's the best way to do this? BTW I'm using Designer.

Was thinking that I'd display the login form in a window and when the user clicks the submit button send the credentials via AJAX. The backend php script would verify the user's credentials and retrieve various data about the user (full name, role, preferences, etc.) and then send the JSON response.

I'd also need the php backend script to store info into the php session and then be able to make it available to Ext JS. This is one of the spots I get stuck, as I could do an AJAX call to retrieve the php session info, but with AJAX calls being asynchronous there doesn't seem to be a way to guarantee that the session has been retrieved before executing other parts of the Ext JS application.

Another spot where I get lost is once the Ext JS application gets the response back from the authentication AJAX call, what should it do with it? I'd like to make the user data available to all the other windows and forms. I could put it into a user object, but how would I make that global & available to all other classes since Designer controls the xds_index.js file.

Thanks in advance,
Greg

PS. Once I get this coded up I will post the full end to end working solution.

rbastic
23 Nov 2010, 11:11 AM
There is no 'best way' -- there's a number of different solutions available depending on what is best for your needs.

Simple PHP session management (like this: http://www.watersgulchdigital.com/articles/php_auth.html ) is just that. It works for the simple case but if you need to scale up then it will no longer be appropriate for your tasks.

Session IDs are notoriously insecure. Cookie-based hijacking is VERY simple to do and allows any user on your local wifi to hack your Facebook/MySpace/etc. profile. (http://codebutler.github.com/firesheep/ )

Also, I believe there are ways to force synchronous "AJAX" requests in ExtJS.
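
An added example, not part of the thread and not either poster's code: one way to keep the user data in a single shared object and hold back the rest of the application until the asynchronous session check has returned, without synchronous requests. The `transport` function is a hypothetical stand-in for an `Ext.Ajax.request` wrapper, and the URLs `session.php` and `login.php`, the response fields and the fake backend are constructed for illustration.

```javascript
// Added example, not from the thread. `transport` is a hypothetical stand-in
// for Ext.Ajax.request: transport(url, params, callback(ok, data)).
function createSession(transport) {
  var user = null;        // null until the server confirms a session
  var ready = false;      // true once the first server answer has arrived
  var waiting = [];       // callbacks queued before that answer arrived

  function settle(data) {
    // Copy only the display fields and freeze them so forms cannot mutate them.
    user = data ? Object.freeze({ name: data.name, role: data.role }) : null;
    ready = true;
    var queue = waiting;
    waiting = [];
    queue.forEach(function (fn) { fn(user); });
  }

  return {
    // Ask the server whether the PHP session cookie is still valid.
    check: function () {
      transport('session.php', {}, function (ok, data) { settle(ok ? data : null); });
    },
    // Send credentials; the server sets the session and returns the profile.
    login: function (username, password, done) {
      transport('login.php', { username: username, password: password },
        function (ok, data) {
          settle(ok ? data : null);
          done(ok);
        });
    },
    // Run fn once the session state is known, immediately if it already is.
    onReady: function (fn) {
      if (ready) { fn(user); } else { waiting.push(fn); }
    },
    // Display-only data: the server must re-check the role on every request.
    getUser: function () { return user; }
  };
}

// Constructed fake backend so the example runs offline.
function fakeTransport(url, params, callback) {
  if (url === 'login.php' && params.username === 'greg' && params.password === 'correct-horse') {
    callback(true, { name: 'Greg', role: 'editor', token: 'not-copied' });
  } else {
    callback(false, null);
  }
}
```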