Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
How would I break execution of a rest request if I have an invalid session key
  • bperinbperin
    So for my API I use session keys. In my old API I would check the session key to a key stored in the db if it didnt match up an error was thrown and thus code stopped. If I make a request to example.com/api/something.json?session_key=1234&api_key=asdf I will check the credentials in the before() method, but if the session is invalid how to I stop the request from executing the called method "something". Code for example 
    <?

class Controller_Api extends Controller_Rest {

    public $response;
    private $user_id;
    private $data;
    private $success;
    private $message;
    private $output;

    public function before($data = null) {

        $this->success = false;
        $this->message = null;
        $this->output = null;
        $this->code = 200;

        $valid_session = false;
        
        $api_key = Input::get('api_key');
        $session_key = Input::get('session_key');
        
        //do some db logic to determine if a valid sessioin
        if($valid_session == false){
            //send back error and I want to stop here
            $this->message = 'invalid session';
        }

 
       
        return parent::before();
    }
    
    public function get_something(){
        echo "doing something because you have valid credentials";
    }

    public function after() {
        $this->response(array('success' => $this->success, 'message' => $this->message, 'output' => $this->output), $this->code);
        return parent::after();
    }

}
  • HarroHarro
    Other than an exit or a redirect, I wouldn't know of ways to stop execution from a before() method. The method wasn't designed to be used for this. Use router() instead, and only call the requested action if the validation is successful.
  • bperinbperin
    Ok, I overrode the router() method and got the functionality i was looking for. thanks.
  • Phil SturgeonPhil Sturgeon
    REST is stateless, why are you using Sessions?
  • nerdsrescuemenerdsrescueme
    As I understand it REST should be per request. Each request should Authenticate... I mean, it's not set in stone, but that's best practice... May I ask why you're keeping Sessions?
Add a Comment

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Categories

In this Discussion