Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Anyone implement shared sessions between fuel/php and other languages?
  • I am using fuel for the core of my application.  I am starting to write some services that are better suited for other languages outside of fuel.  My first ones are in node.js

    I would like to have some of those services be accessible by calls within an already established session.  Right now I am using the db for sessions, moving later to memcache most likely.

    In digging around the SimpleAuth code it looks like two things I would have to deal with from a sharing perspective, given I pass the session_id around are:

    1) Be able to decrypt the cookie
    2) DeSerialize/Serialize the session payload data.

    It seems these are feasible, wondering if anyone has implemented anything similar before, regardless of node, python, ruby, etc.

    Or, any suggestions on making tweaks that would maintain some security while allowing sharing/setting of session between fuel and another language setup
  • Harro VertonHarro Verton
    Accepted Answer
    All possible, but not simple. You need the same encrypt/decrypt routines, you need to keys used, etc. You also need access to the backend in case the payload is not in the cookie.

    I personally wouldn't bother. Instead, I would provide a secured webservice (REST API) with which other applications could interact with mine. And that could include getting data from the session.

  • I would definitely like to avoid implementing this, but feel doing API/proxy method will defeat the purpose of offloading these higher volume/persistent connections.  I am trying to avoid any interaction that would slow things down, would like to make all session/data reads from db/cache services.

    Here is a high level of the service/auth setup I am getting going today:

    1) Have main app, using Fuel and SimpleAuth

    2) Have mobile app using Fuel and either custom REST API calls or Oauth2 to start sessions then accessing the API from there

    3) Active users via mobile/web will have certain background/polling calls hitting node.js service

    4) 3rd parties will be accessing main REST API via Oauth

    I have thought some about having main app use Oauth (ninjaAuth for instance) as well and that way any endpoint talking to the service is to initiate a session via Oauth first, session established.., then make calls going forward where given proper Oauth token any service/endpoint could retrieve/set the session data and any needed cookie items.

  • As of 1.6, the session cookie only stores the session id, which doesn't have to be encrypted. So if your other apps can access the storage backend you store the sessions in, they can access that directly using the session id.
  • In that case I will go with setting a session id cookie right now, revert post 1.6 upgrade.  Then give a pass at deserialize/serialize via my node services into the payload column in the session table

    Last will be to figure out how to mix in the Oauth stuff, but will cross that bridge once this other stuff is working

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion