3

I am trying to develop an application using Backbone.js and the SLIM framework. Now I would like to develop user login/logout functionality. In this case I would like to keep the SESSION alive on the server while the user navigates from one page to another. Previously I worked with another PHP framework and core PHP and successfully implemented user authentication. The SLIM framework works as an API. Actually my problem is "How do I know whether the current SESSION is alive using an HTTP request to an API from Backbone.js?"

It looks messy to me. I read several Stack Overflow posts like the ones below but could not come to a solution.

How to do authentication with a REST API right? (Browser + Native clients)

If REST applications are supposed to be stateless, how do you manage sessions?

How to use PHP sessions with REST client application ?

I hope one of you has implemented user authentication using Backbone.js and the SLIM framework as an API. If he/she shares his/her experience with some sample code, that will be a BIG help to me.

Thanks

Community
PHP PHP

2 Answers

2

I am not sure about the Slim API, but with RESTful web services there is no session concept.

Instead, you can have an HTTP header that carries your auth token, and this token could be persisted in a table (the User table, for instance). A check can be made to ensure the token is valid each time a request hits the server. Nullify the token on sign-out.

Post authentication, from the success callback for the sign-in operation you can trigger a custom event that has been bound to load the success page.

E.g.:

Initialise at the application level.

var controller = _.extend({}, Backbone.Events);
controller.on("myapp:dashboard",function() {
  //your dashboard data fetch logic.
  //create instance of the view and pass fetched data.
});

In the login success handler (callback) make the following calls:

// Delegates to the custom controller.
controller.trigger("myapp:dashboard");

// Changes the URL to the correct location.
myAppRouter.navigate("tourl",{trigger:false});

Reference: http://lostechies.com/derickbailey/2012/04/03/revisiting-the-backbone-event-aggregator-lessons-learned/

Balaji
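The token lifecycle described in the answer above (issue on sign-in, check on every request, nullify on sign-out), as an added example that is not part of the original answer and is not Slim code. It is written in JavaScript for Node.js; the in-memory `users` map standing in for the User table, the `Authorization: Bearer` header, the 30-minute lifetime and all function names are assumptions, and the password check that precedes sign-in is outside its scope.

```javascript
// Added example (not from the original answer). Hypothetical names throughout.
const nodeCrypto = require('crypto');

const TOKEN_TTL_MS = 30 * 60 * 1000;      // assumed token lifetime: 30 minutes
const users = new Map([                   // constructed sample row; stands in for the User table
  ['alice', { tokenHash: null, expiresAt: 0 }],
]);

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest();

// Sign-in, after credentials were verified: issue a random token and persist
// only its hash, so a leaked table does not hand out usable tokens.
function issueToken(username, now = Date.now()) {
  const user = users.get(username);
  if (!user) return null;
  const token = nodeCrypto.randomBytes(32).toString('hex');
  user.tokenHash = sha256(token);
  user.expiresAt = now + TOKEN_TTL_MS;
  return token;                           // sent to the client once, in the response body
}

// Per-request check: returns the username for a valid token, otherwise null.
// A real table would be queried by token hash instead of scanned.
function authenticate(headers, now = Date.now()) {
  const m = /^Bearer ([0-9a-f]{64})$/.exec(headers['authorization'] || '');
  if (!m) return null;                    // missing or malformed header
  const presented = sha256(m[1]);
  for (const [username, user] of users) {
    if (user.tokenHash && now < user.expiresAt &&
        nodeCrypto.timingSafeEqual(user.tokenHash, presented)) {
      return username;
    }
  }
  return null;                            // unknown, expired or revoked token
}

// Sign-out: nullify the stored token so it stops authenticating immediately.
function signOut(username) {
  const user = users.get(username);
  if (user) { user.tokenHash = null; user.expiresAt = 0; }
}
```

On the Backbone side, the token returned by the sign-in call is what gets attached to each subsequent request header; a failed check is the signal that the "session" is no longer alive.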
0

I agree with Balaji, however he was not accurate. There is a session with REST, but you have to keep it on the client side. If you want to write anything into the session, you have to send it back with the response body, so the client can process and store it. If you want to read anything from the session, you have to send it with the request, so the server can process it.

So if you want to do access control, you should keep the username and password in the client's memory, and override Backbone.sync() to send auth headers every time. On the server side, before authorization you have to authenticate every request, probably by using a cache of {username+password} -> {identity+permissions} via memcached. With SLIM you need to extract the headers; I don't think that will cause a problem. SLIM does not have built-in authentication and authorization support, since it is just an HTTP lib, so you need another tool to implement that part.

inf3rno