I'm building an iOS application which fetches all of it's data from an online API.
The API requires that the user is validated before other resources may be accessed and each subsequent request must send a valid session ID.
What's the best way to persist the session ID from controller to controller?
Set it as a global somewhere? Save it as an entity? Or pass it as an attribute from controller to controller at each segue?
Advice appreciated
Store the token in NSUserDefaults rather than injecting as a property or ivar on every controller. I'd also extract it from defaults in the object or shared instance that handles your web service/ API interactions (rather than have every controller look it up).
PS: If you want secure storage, use the Keychain.
Related
I'm building an app using Vue and Rails.
I have both the frontend and the backend separate (in separate folders)
The frontend is generated with vue-cli.
I have a situation where, I want to send some data to the backend via websockets, I want to set that data in something like a session object, and then access that data again on subsequent websocket interactions. Is that possible?
Would I need to set some kind of token in the browser, some kind of identifying token?
This seems like it would be a common problem but I can't find any information on it.
If you are utilizing session in rails websocket/connection.rb you won't be able to access it directly, but you can access it through the cookies object. The rails docs say this is labeled ['_session'] but for me on my browser it was ['_session_id'] then whatever data you set within session like a user id ['user_id']
cookies.encrypted['_session_id']['YOUR_DATA']
I have an application that has an actual map of objects that any visitor can view as long as they have the correct access code. I don't require the user to login because I don't want to make them create an account as it is unnecessary. I want to allow the users to mark the objects on the map with a check and save the edits within the session. So if the user refreshed the page or they close the application and reopen it an hour or so later, I would like to save their marks based off their session id. But I am confused on how to set this up without requiring them to login because I am unsure how the sessions would work.
Any help would be greatly appreciated!
Sessions in Rails work the exact same way regardless if you have a proper authentication system or not.
When a first time visitor visits your application the sessions middleware creates a session identifier. This is a cryptographic hash that is kept by the server and also passed to the user in a cookie.
This lets you identify users across requests.
This session identifier is also linked to a session storage. By default this is ActionDispatch::Session::CookieStore which lets you store session data in a encrypted cookie held by the client. This is where you would normally store a user id. Since its a cookie the amount of storage space is very limited. If you want to store more data in the session you can use a different store such as Memcached, Redis or ActiveRecord.
But what you may want to consider is creating (guest) user records implicitly without the normal sign up procedure. I would just use Warden and have a bare bones user model and a cron tab that cleans out unneeded data periodically.
This gives you a database oriented application model where you can use associations and build it like a standard rails application instead of the untestable mess that results when someone goes bonkers with sessions.
I would implement Cookies (with their permission of course). You can store basic data in it, or even create a sort of ID for them so when they return you can restore their settings
Let's say I'm making a Rails app that registers a user with Github's OAuth and then makes Github API calls on their behalf. It seems logical that I store the user's OAuth token as a session variable.
I could put an api_request method in a GithubAPI model, and pass in the access token as an argument each time I want to call it, but that's not DRY.
I'd like to put the method in the model and just access the session from inside the model, but you're not supposed to access session variables in a model.
I could put it in a GithubController, but you're not supposed to make calls from one controller to another.
Which is the lesser evil? Is there some better alternative?
Your first suggestion is correct. What you should do is make a attr_accessor called current token on the user model. initialize that value when you get the current user so methods on the user model have that variable available.
i want to set session variables from web api controller and access it into App.js method is there any way to access like that ?
i'd already tried using :-
HttpContext.Current.Session
but i'm not able to set and access session variables globally and access it on second page ...
There is no session mechanisim on web api beacuse it is against restfull idea.
If you need to store data like session you may consider to use
Http Cookies
http://www.asp.net/web-api/overview/advanced/http-cookies
Encrypted tokens which has the information you want to store.
Use an MVC application like web api (playing with routes)
Don't store sensitive data and use HTTPS
I have something like this on my application controller.
def selected_position
#position = params[:position] if params and params.has_key?(:position)
end
Even with that validation, the value get lost accross the controllers calls. I don't want to use session for this, so there's any solution to keep that value? Thanks!
A solution is to store the position on client side. Maybe local storage is a good option. But be aware that the data can be changed or leaked.
HTTP is stateless by design and so, Rails controllers. The only way to store that between controller calls (a.k.a. sessions) is to store data on client side - session, cookies (or local storage), or server side - database, memory, file, ect.