Hello, I’m creating a serie of “WebServices” from a rails application so
that an iOS App will be able to communication with the WebApp. Basically
I’m creating functions that get a json request, analyse it and send a
json
result…I’ve never done that before and I have a huge problem: I have
no
idea how to manage session for WebServices. The idea is that a user log
from the iOS App to the WebApp using a webservice. I was able to create
a
function that does the login but how do I do to remember the user next
time
the App calls a webservice? In my WebApp it’s pretty easy, I check the
session for user information but in that case I have no clue about what
to
do…I thought of saving the session in a DB table but doesn’t seems
like
the best solution, is there any way a session can be loaded from a token
or
something?
Oh, I’m working with rails 2.3.5 btw…
El lunes, 25 de febrero de 2013 22:04:47 UTC-6, CiriusMex escribi:
You probably want to assign some kind of Token/API Key to each user. You
can use that in your requests (be it in the request params or in the
header) and then authenticate in your controllers. I would look into the
“authenticate_or_request_with_http_token” method which checks your
request
headers for the Token. Then in your iOS application, you can ‘login’ a
user
by saving their API key (I’m unfamiliar with iOS…I know Android has
SharedPreferences and Database possibilities for storing data) and then
each time you need to use communicate with the Rails web service, pass
that
Token in the headers or however you do it. I believe you do not need to
simulate/worry about ‘sessions’.
Now that I look into the http_token method I recommended, it doesn’t
look
like it was implemented until Rails 3.0 and you mentioned your on 2.3.5.
Taking that into account, there are other ways out to accomplish the
same
thing if you go with the token-in-the-header approach. One that I can
think
of is just pull out the token in the request header manually then do the
authentication.
Ok, I added the token and it works just fine to authenticate the user
each
time a webservice is called, the thing is using a session would be more
easy that to send all the data needed when a webservice is called (some
of
them are pretty tricky), is there any way to create a retrieve a session
precedently created? With an id or something maybe? I google it but
didn’t
find any usefull answer…
El martes, 26 de febrero de 2013 03:53:18 UTC-6, Derek M escribi:
Well, after looking further it seems that I would have to use a DB
Session
Storage system as I though and I’d rather avoid this so I guess I’m just
gonna go with the token and that’s it
El martes, 26 de febrero de 2013 13:06:59 UTC-6, CiriusMex escribi:
Ok, I added the token and it works just fine to authenticate the user
each
time a webservice is called, the thing is using a session would be much
easier than sendding all the data needed when a webservice is called
(some
of them are pretty tricky), is there any way to retrieve a session
precedently created? With an id or something maybe? I google it but
didn’t
find any usefull answer…
El martes, 26 de febrero de 2013 03:53:18 UTC-6, Derek M escribi:
If you’re going to be using this verification everywhere, you could put
your Token verification in your ApplicationController as a before_filter
then you can always skip that for certain controller actions you don’t
need
it.