php - What would be good UserManagement practices for a multi-platform WebApp -


i'd advice on used robust frameworks/code (ror, zend, symfony, django..).

i use user management system (understand: login, logout, user logged, user_id, username, etc..;) simple et tiny framework (usercake). i'm refactoring code, making api iphone/androi/js use , i'd refresh piece of code. need know if rearrange classes, dependencies, classes , keep same process or if need change things.

current state of play
after user signin, retrieve data, serialize it, create sessionid. store sessionid in user cookie , serialized data on db table links sessionid , data.

then, on website, each time page requested, retrieve db serialized data matching sessionid user has in cookie/session. make query sure username , hashed password matches in db , user still active (not banned or removed). same made api (the iphone, android, js must give me sessionid).

i've got cronjob deletes session table 1 expired. when user logs out, it's same, delete line in db , clear user cookie.

what i'm looking for
explained above seems me. secure enough ? needed double db check each time fine w/ username , password, can't trust serialized data in session table?

how done in famous frameworks (django, rails, symfony..)?

first:

after user signin, retrieve data, serialize it, create sessionid. store sessionid in user cookie , serialized data on db table links sessionid , data.

when "retrieve data" wasn't database already? why serialize data , put part of database? why not store user id in session variable, , use query user info may need?

second:

i make query sure username , hashed password matches in db

where getting username , password each request test against db? sounds though testing user , pass store serialized in db against original info in db. if so, match, set yourself.

third:

why use cron job remove expired sessions? sessions have built in expiration mechanism.

typically, want secure session using fingerprinting and/or trending. can save user's primary db key in session variable, , use each request retrieve user data may need. also, shouldn't need create session id , store in cookie yourself. php handles mechanism when call session_start(), , store session variables want save in $_session superglobal array. of frameworks mentioned open source, if want, can through code , see do.


Comments

Post a Comment

Popular posts from this blog

c++ - Is it possible to compile a VST on linux? -

for class project i'm attempting write vst plugin backed cuda. current cuda workflow on linux box, i'd prefer compile , link there. according wikipedia , should possible (i couldn't find steinberg documentation relevant linux) can't find makefile or instructions on how build if aren't using xcode or visual studio. i'm vst 3 sdk doesn't support linux. when try compile plugin under linux, error: ./base/source/fatomic.cpp:39:30: fatal error: libkern/osatomic.h: no such file or directory this issue caused following code in "vst3 sdk/base/source/fatomic.cpp" #if mac #include <libkern/osatomic.h> #if mac_os_x_version_min_required > mac_os_x_version_10_4 #define native_atomic_type (volatile int32_t*) #else #define native_atomic_type (int32_t*) #endif #elif windows #include <windows.h> #endif but hope compiling under linux work vst sdk 2.4. reading. jvstwrapper seems run on lin...
Read more

java - Output of Eclipse is rubbish -

i want write program in eclipse language different english. when display output using system.out program, displays output correctly in console editor. when accept input console , output it, output rubbish. how can solve it. many thnaks i'm not sure if problem, have character encoding problem. make sure you're using unicode, utf-8. you can read more @ official docs converting non-unicode text .
Read more

jquery - Confused with JSON data and normal data in Django ajax request -

i read json internet still have not got grasp of it. reading article http://webcloud.se/log/ajax-in-django-with-jquery/ i not understood first part function using json def xhr_test(request, format): if request.is_ajax(): if format == 'xml': mimetype = 'application/xml' if format == 'json': mimetype = 'application/javascript' data = serializers.serialize(format, examplemodel.objects.all()) return httpresponse(data,mimetype) # if want prevent non xhr calls else: return httpresponse(status=400) my main problems are from function getting format variable does format json mean data given function json or data recived json can give me simple example ouput of function data = serializers.serialize(format, examplemodel.objects.all()) how use data when response in jquery function if don't use json in above function how input , response chnage thanks ...
Read more