php - What is the best way to implement login for a webservice? -


i have php webservice can called (from mobile phones) perform task. these tasks done, caller must "logged in." best way handle authentication?

currently, i'm using sessions. client calls login api, , other api needed. i'm concerned impact of having 200,000 people calling service , have of sessions. not sure how server respond. tips? how typically handled? facebook, flickr, etc....

if being called custom client program (i.e. mobile phones), , not browser, why "log them in" @ all. rather, use http authentication (either digest or basic if you're going ssl, or own scheme), , "log them in" every time.

then don't have worry sessions, load balancing, , fail over, etc. keep stateless.

addenda:

certainly, fewer hits db better, that's general rule. @ same time, many hits db handled cached pages on db server, or possibly application caches never hit db server. so, in cases, particularly single row queries against indexed column, db hits can cheap.

now, 1 might consider if they're both stored , readily accessed, what's difference between cache bit of database, , unique user session.

well, primarily, difference in contract data. cached item has lifespan directly proportional amount of memory have , amount of uncached activity happening. give small amount of memory, , cached item has short lifespan. give lot of memory, , cached item has better chance of hanging around. if amount of memory cached data large enough repeated activity data continues use cache, cache big win. if cache recycling fast nothing ever "in" cache, cache has no value. point system work or without cache, cache performance enhancement.

a session, however, has different contract. many sessions have specific, minimum lifespan, typically measured in minutes: 10, 20, 30 minutes.

that means if user hit site once, must dedicate resources user if never comes back. have to, otherwise session offer no value.

if lot of traffic, lot of new sessions manage. in theory, under bad circumstance, sessions can spike without limit. if 10,000 hits on site, manage remains of hits minimal lifespan of session. have dedicate resources (memory or disk) them, have keep track of them, , then, inevitably, have clean them up.

a cache fixed resource. grows size configure it. have no obligation keep in cache, , discussed earlier, system function or without cache. caches naturally recycle. if surge of 10,000 hits, they'll possibly roll cache, after leave no mark on system. can hit , gone in 1 or 2 minutes, never seen again.

finally, sessions, need share them among infrastructure travel user if hop machine machine (for whatever reason). caches don't. ideally want keep user local set of resources, caches can job, system works whether move or stay (it works better if stay, because of cache reuse). if don't replicate sessions, don't work @ all.

db hits add up, can cheap, they're never free. session has own costs well, important consider them both , how apply within architecture.


Comments

Post a Comment

Popular posts from this blog

c++ - Is it possible to compile a VST on linux? -

for class project i'm attempting write vst plugin backed cuda. current cuda workflow on linux box, i'd prefer compile , link there. according wikipedia , should possible (i couldn't find steinberg documentation relevant linux) can't find makefile or instructions on how build if aren't using xcode or visual studio. i'm vst 3 sdk doesn't support linux. when try compile plugin under linux, error: ./base/source/fatomic.cpp:39:30: fatal error: libkern/osatomic.h: no such file or directory this issue caused following code in "vst3 sdk/base/source/fatomic.cpp" #if mac #include <libkern/osatomic.h> #if mac_os_x_version_min_required > mac_os_x_version_10_4 #define native_atomic_type (volatile int32_t*) #else #define native_atomic_type (int32_t*) #endif #elif windows #include <windows.h> #endif but hope compiling under linux work vst sdk 2.4. reading. jvstwrapper seems run on lin...
Read more

c# - SharpSVN - How to get the previous revision? -

i trying find efficient way previous revision of file text comparison using sharpsvn. using (svnclient c = new svnclient()) { c.authentication.defaultcredentials = new networkcredential( configurationmanager.appsettings.get("svnserviceusername") , configurationmanager.appsettings.get("svnservicepassword") , configurationmanager.appsettings.get("svnservicedomain") ); c.authentication.sslservertrusthandlers += new eventhandler<svnsslservertrusteventargs>(authentication_sslservertrusthandlers); collection<svnfileversioneventargs> fileversioncollection = new collection<svnfileversioneventargs>(); svnrevisionrange range = new svnrevisionrange(0, this.hooks.revision); svnfileversionsargs args = new svnfileversionsargs(); args.retrieveproperties = true; args.range = range; foreach (svnchangeitem item in log.changedpaths) { string path = this.repositorypath + it...
Read more

php cli reading files and how to fix it? -

while using php cli in ubuntu got apache web server cant read file can while using in browser. , error shows nothing , next used code testing purposes : <? $handle = fopen("testfile.txt", "r"); if ($handle) { while (($buffer = fgets($handle, 4096)) !== false) { echo $buffer; } if (!feof($handle)) { echo "error: unexpected fgets() fail\n"; } if(!is_readable($handle) { die("not readable"); } fclose($handle); } ?> how fix ? edit : after removing '@' before fopen got following error fopen(testfile.txt): failed open stream: no such file or directory in /var/www/log/ka.php on line 2 when run script through cli, uses shell's working directory, in opposition file's directory (which apache hands current directory). important you, since fopen call depends on relative path; , relative paths resolved relatively working directory, not script. to have script behave apache, eit...
Read more