910823 - How To Implement Sessions In Web Services?

[hamidi]

hi

we've two kinds of clients, web client and an application which works as a client.

now our application simulates web requests by calling index.php as the web client does. we want to change it to calling web services via nusoap. but there's a problem. web services are session-less. for example, a web service is called to authenticate. the second service when called has no sense about the authentication and it's completely a separate call. someone told me that i may put something eg. a hash code in http headers to include the data provided via authentication so that the next web services read the data from header and realize the call has been for what session. this way something like session simulation occurs.

i'm not so familiar with 'http headers'. i don't know how can i do that. in the whole, i like to know what may be the best solution and whether nusoap keeps something internally like sessions so that i may read the in web services?

what's your suggestion?

thx

[Muddy_Funster]

erm.....this has what to do with PHP?

[Adam]

someone told me that i may put something eg. a hash code in http headers to include the data provided via authentication so that the next web services read the data from header and realize the call has been for what session. this way something like session simulation occurs.

 

You've essentially just described how sessions are retained normally. Cookies are sent in the request as a header:

 

Cookie: foo=bar; baz=quz

 

One of the key=value pairs is the session cookie, generally a hash, which refers back to a session file on the server containing a bunch of serialised data. You could simulate this through a different header, or as normal through the Cookie header if you want.

 

I've never actually used "NuSoap", but it just looks like a wrapper for SOAP. Personally I would keep the authentication process within the realm of the API implementation, not the server listening for the API requests. I'm not sure if this actually happens, but it's perfectly possible you might not send SOAP requests over HTTP. Much like a session cookie though, you could have a session/authentication hash passed back and forth between requests.

[hamidi]

hmm, i don't know about cookies and how to use them. i'm not familiar with realm. i'm a newbie in web apps. i've been an application developer. all of what i know about coockies are regarding browsers which must be deleted when i fail loggin in sometimes!

i'm sorry, but please guide me as a newbie.

thx

[Adam]

If I were you I would steer clear of SOAP, if you can that is. The previous company I worked for used it extensively for communicating with the ERP and I hated it. Requests and responses are so needlessly bloated, which is a bigger issue when you're dealing with requests sent over an internet connection.

 

Have a read up on the HTTP protocol -- you should be familiar with it for web development anyway. It's very light-weight and semantic, extremely well supported on any platform, and it's easy to build an API on top of (known as "RESTful APIs".)

 

Cookies are part of the HTTP protocol, and are essentially just small bits of data stored on the user's computer the browser includes with each request. Have a read.

[hamidi]

thx. i know that there're many things i've to learn in context of web programming. i'm going to begin with the last link.