Jump to content

Archived

This topic is now archived and is closed to further replies.

PhpRootUser

Why Oauth(User Credentials)? Isn't PHP Session enought?

Recommended Posts

Hi.

 

After looking how oauth 2.0(User Credentials) works, why i use this if i have to put the access_token variable in a cookie of a session i have to start, lol!

Oauth User Credentials was supposed to do the job of session, but if i have to start a session for this it makes no sense...

Forget about the 3rd part application, i am discussing the need of session creation in oauth 2.0.

Also, to use Oauth, an https(secure) connection is hightly recommended.

Oauth should be used for json responses only?

Share this post


Link to post
Share on other sites

Because that token is your key to their information, their profile, their demographics; everything you need to keep up with your incoming traffic without the hassle of storing it yourself. Storing a session is easy. Getting users to create an account on your site; not so much. User friendless is key to a successful website, otherwise it's like one of those extremely complicated adding machines from the 20's, with liquid based atticuses and hand-carved wooden levers and gears.

 

There's is no substitute for a $_SESSION, it has one purpose in life, and that is to remain accessible until the site and browser sessions are terminated.

Share this post


Link to post
Share on other sites

ZANE SAID:

  "Because that token is your key to their information, their profile, their demographics; everything you need to keep up with your incoming traffic without the hassle of storing it yourself."

 

OK, but that case is when you make 3rd part applications available in your site, not when you use only user credentials.

I am asking what is the advantage of using "user credentials" instead of $_SESSION.

The user credentials receive a Username and Password, then return a token in json. Then, you have to send the token back to the server to continue to be "recognized", and what is the diference of sending him a SESSION_ID?

Share this post


Link to post
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.