I would like to keep the session in asp.net active. does this can be achieved by accessing only webmethods. And the reason is that page contains a live streaming from other sites and which can be accessed only by members.
If it isn't possible, please give me suggestion.
There is an attribute you can apply to enable session on webmethods/webservices.
Related
I'm developing a service, that uses social graph.
There is a separate module, that manages user connections, that is basically responsible for all related operations. In some services, you need to know all user connections, to provide correct responses.
The way I see it there are 4 possible options to implement this:
Server based connection support.
1.1. Each time social graph data requested ask for friend list from the module, and process corresponding response.
1.2. Have internal cache with Key - playerID, Value - all player connections, add responsibility to update this cache to connection module, and use it instead of referring to this module.
Client based connection support.
2.1. Add a special Cookie with the list of all friends, so that server could just read that Cookie and provide needed information, without talking to the external module. (This can be secured, by for example providing some signature for the Cookie, and optimised by adding some path, for all the connections related data)
2.2. Add a connection management layer in Client, so it would explicitly request all needed information, by providing a list of connections on each request.
As I look at facebook Cookies, there is a fr cookie, which I can speculate used for this kind of functionality.
How facebook solves this?
If you just want to maintain a list of friends for each user you don't need a full social graph. A simple list of friends stored in your database would work fine.
Client-side storage is typically only for caching or session data, you don't want your users losing their friend list because they re-installed their browser or switched computers.
If you do want to implement a full social graph have a look for a graph DB. Neo4J is one I've used and is fairly easy to get started on.
I have been asked to use ember for front end and java rest services as the backend. I am trying to figure out how to manage session for a particular user.
i know there are couple of options like storing in the local store, cookie but they are error prone as some users might disable those features. I want to know what is the preferred approach in normal enterprise apps.
Mine app is simple 15 page app. i need to capture user, and some profile details.
Session are usually more of server side part. You have to just make sure whether the provided session is available or not for every transformed route and request. There is a library which takes care of authentication and authorization in ember https://github.com/simplabs/ember-simple-auth.
It seems that basic functionality such as user login, can not be done in simple manner: to have username and password field in form on client and based on that to create store.readPathAccess model access rights. Also, how to check if user is logged in to implement access rights on routes?
Based on examples and (poor) DerbyJS documentation, if I understood it correctly, you have to implement login in server module (lib/server/*) because:
store.readPathAccess must be used in server side
you want to store data in model session (which can be read only on server side)
But many questions arise:
if it has to be done on server side, how to get and store client form data on server side without having problem with second item below on the list (I have done it with manually submitting data to server-only route, but can not then save it in model with local key because I have to redirect to client route after that and local model data is lost)
how to read later that data if it must be stored in session?
even if the store access rights for model is managed, how to check if this specific user is logged in when in client routes?
I'm quite confused at the moment... liked Derby principles, but this authentication problems are playing with my nerves seriously.
I know I may not be quite clear, but there are many points to go in details and if anyone can help I'll gladly give more required info.
Thank you,
Eddie
I found this library today called derby-auth.
It uses passport for signing in and has a good example using a simple register and login form.
What it does is to set some routes on the server for logging the user, and a middleware to tell the client if it's logged or not.
It does have some bugs (a few callback calls missing that break some things), so i wrote my own based on that, but must clean a lot of things before uploading anywhere.
i'd be glad to send it to you if you want to, though.
The most current library is https://github.com/derbyparty/derby-login
It has been updated pretty regularly and works with derbyjs 0.6
I'm working on a small marketing project with Zend Framework, the backoffice of the project is currently made of two controller: a campaign controller and a minisite controller.
The user create a campaign with a form, then he have to create a minisite with a second form linked to this campaign, so i need to get the campaign and the user id when saving the data of the minisite.
What is the best practice and why? should i pass those variables in a session object? or should i pass those variables through a route like :
/backoffice/minisite/create/:userid/:campaign/
Edit: users are logged and authenticated when creating campaigns
Assuming users have to be logged in to do this, you could store the user information you need in a Zend_Auth identity
If not, you could store the data in a normal session var with Zend_Session or redirect to with the route. Either option is good, so it's up to you to pick the one which best suits you and your application.
For passinf information between two controller the best way is to use session to store the values globally . :-)
I'm pretty sure users need to have an account to do these things. If yes, there campaigns and minisites will be associated with them in some way. I'd store and retrieve these things from some form of database.
If you're not having authenticated users and you really just need to pass two variables to another action, use url parameters but be aware of the fact that users can mess with them and a lot of unexpected stuff can happen. Storing in the session is harder to manipulate in that way.
So, if no authentication is involved and the site is public, use the session, otherwise use neither but use storage.
I would use the route option, as you suggest. Using sessions is going to end up being very difficult to test, debug, extend in the future etc.
Hi,
I am building a ASP.NET MVC 2 website and need to bound the current user/session to some data. The following is possible solutions but what is best practice?
Create a GUID and set it as hidden field on view, the data will then be saved in a singelton object (like a cache). the security will however not be the best(the user could change the value of the hidden field).
Use Session.SessionId. to maintain the same SessionId between calls I need to store somthing in the session which feels wrong? Im not sure if there is any security problems here?
BestRegards
My Solution : I ended up to create a GUID for the current client and then set this as a hidden field on the form. I did however had some problems to get the hidden field to be rendered correcly, see : ASP.NET MVC 2 HiddenField is empty?
Maintaining state across web requests is always a challenge as the web is inherently stateless.
Whether you use a hidden Guid (or other system-unique identifier) or a session ID in a cookie, both are open to abuse. That said, most systems that implement a 'session state' do so through the use of cookies.
The purpose of the session state 'bag' is to store information between web requests, exactly the objective you mention, so while it may feel 'wrong' it is a very commonly accepted approach. Remember, only the session ID is stored with the client browser, not the actual session data; that's held at the server.