I have a REST API which uses Django Rest Framework, so what i am trying to achieve is:
When a user makes a request to the API, set the session. This session
contains a random string.
After session is set in DRF request, retrieve the session in Django channels and when user connects, send him back thru Websocket.
But i am unable to get the session in Django channels.
I can't attach the code where i am setting the key in the session because it is huge code. I just attach a simple line:
request.session['random_key'] = 'somerandomkey'
This is my django channels code:
This is my channels code:
def connect(self):
# Don't let anybody
if self.scope['session'].get('random_key'): # Not working, i am not getting the random_key
async_to_sync(self.channel_layer.group_add)(
self.scope['session'].get('random_key'),
self.channel_name)
self.accept()
BUT! When i make a request to the API, and i set a session, then this session set is not available in the session in channels. If i set the session in "normal" Django request, it exists in Django channels sessions. So the problem is with Django Rest Framework, i am not getting the sessions set in Django Rest Framework into channels scope.
Related
I am trying to integrate an authentication system with Graphql and rails that communicates with a React front end and I would like to know what is the best way to do it for a production environment
I know that this might involve using jwt but I would like to know how would you do it?
When the user signs in/up from the react front end it sends the request to the rails graphql api that authenticates the user. Then when the authenticated user makes a request/query it, the backend first makes sure that the user has access to the resources that he is requesting and then send those resources in json to the react front end
This is a bit of an open-ended question. It's probably not really possible to write a specific answer to your question, but here goes nothing.
There are multiple ways to set up authentication with GraphQL. First of all, it's important to understand whether your user is allowed to make any GraphQL queries at all without being authenticated.
You're saying you're authenticating the user with your Rails GraphQL API. Are you doing this with a mutation or with a REST call? If it's just REST and the user isn't allowed to use the GraphQL API without authenticating then you may just be able to block the user from interacting with the GraphQL API at all, when they're not authenticated.
Otherwise it's common to check whether the user is authenticated and if so keep the user data in your GraphQL query context. Then you'll now — per query — whether the user is authenticated.
When the user is attempting to access any resource that they may not be able to see or are attempting to send a mutation without being authenticated, then you can just end the entire query/request with a GraphQL error.
Since GraphQL errors are still considered part of a successful HTTP request you can handle them as usual in your front end as part of the UI. They'll be listed in the usual errors array of the response, as specified in the GraphQL spec.
Regarding JWT, you can of course use JWT to authenticate the user, which requires you to either store a token in a cookie or somewhere else in the user's browser. Typically you'd just send the token in the Authorization header with every GraphQL request.
I'm building an app using Vue and Rails.
I have both the frontend and the backend separate (in separate folders)
The frontend is generated with vue-cli.
I have a situation where, I want to send some data to the backend via websockets, I want to set that data in something like a session object, and then access that data again on subsequent websocket interactions. Is that possible?
Would I need to set some kind of token in the browser, some kind of identifying token?
This seems like it would be a common problem but I can't find any information on it.
If you are utilizing session in rails websocket/connection.rb you won't be able to access it directly, but you can access it through the cookies object. The rails docs say this is labeled ['_session'] but for me on my browser it was ['_session_id'] then whatever data you set within session like a user id ['user_id']
cookies.encrypted['_session_id']['YOUR_DATA']
i want to set session variables from web api controller and access it into App.js method is there any way to access like that ?
i'd already tried using :-
HttpContext.Current.Session
but i'm not able to set and access session variables globally and access it on second page ...
There is no session mechanisim on web api beacuse it is against restfull idea.
If you need to store data like session you may consider to use
Http Cookies
http://www.asp.net/web-api/overview/advanced/http-cookies
Encrypted tokens which has the information you want to store.
Use an MVC application like web api (playing with routes)
Don't store sensitive data and use HTTPS
I'm working under rails and, as a beginner, I am trying to understand how the session feature works.
I put my sessions under active record, but when I do this:
#request = Facebook::Request.parse_signed_request(params[:signed_request],
Settings.facebook.app_secret)
puts session
#admin = Admin.find_by_fb_userid(#request["user_id"])
session[#request["user_id"]] = #admin ? #admin : nil
My session continue to display:
{}
Thanks for your help !
How session works?
HTTP is a stateless protocol.It means that it treats each request as an independent transaction
that is unrelated to any previous request so that the communication consists of independent
pairs of requests and responses.
A stateless protocol does not require the server to retain session
information or status about each communications partner for the duration of multiple requests.
The protocol provides no means of storing a user's data between requests.
Therefore, we use Sessions, which allows us to chain multiple requests together into a conversation between client and server, so temporaly keep data.
Session is a hash, so you can add a data into session like to regular hash:
For example, to add a new order into the session can look like this:
e.g. OrdersController
def new
#order = current_user.orders.create # creates a new order for current_user
session[:order] = #order.to_params # adds order information to the session.
end
Sessions can store any kind of string data, but best served by keeping it as small as possible for both speed and security,as third party users can easily decode what information is stored in sessions.
UPDATE
by default session data are stored as cookies but Rails allows to configure session storage in database using ActiveRecordStore or inmemory storage with Redis and Redis store. Each approach has its advantages and disadvantages.
Try printing the session value instead of whole session object:
puts session[#request['user_id']]
Do this before and after setting a session. And make sure you cleanup the session before testing this in browser (clear cookies or start incognito session).
And last but not least, it a bad idea to store whole objects in session. This way you are storing way more data in the session than needed. Try storing just the object id (in your case #admin.id) and then load it whenever needed.
Ok my fault was that I was working on a facebook app I guess and for every refresh, the session is reset by the peer.
But when I continued in my process, everything instantly worked.
And even if session is a stateless protocol, it is used, through the storage that is used to keep the session active all along the session.
Like in PHP or every single language
I'm coming from PHP background and have a question regarding RoR user sessions. By default PHP uses file storage with write locks for user session data. So it prevents processing of multiple requests by the same client at the same time. How does RoR behaves with sessions?
The default session store in rails store the entirety of the session data in the session cookie itself (known as the cookiestore).
One side effect of this is that if 2 overlapping requests both try and update the session then the last one to send a response back to the client 'wins'.
I don't think any of the session stores commonly in use with Rails have the concurrency property you describe.