Right now I am checking if a user's session is valid by requesting something that requires a valid session and seeing if it returns access denied or a success. I'm looking for a better way - and that might mean a feature request, or simply that I don't know the correct way.

How about calling api/session/valid where you pass the session name & id and a true or false is returned depending on the state of the session.

Really, I'm just looking for the right way to do this. Any help is appreciated.

Comments

drewschmaltz’s picture

Category: feature » support

Obviously I was wrong about this being a feature request as it is already handled by system connect. I now need help: my system connect returns nothing at all.

drewschmaltz’s picture

I would recommend changing the system.connect to read what it actually does. I would recommend changing what it returns.

If you don't pass it a sessionid - it would error: "no sessionid".

If you pass it a session variable but it is invalid or expired it says "invalid or expired sessionid".

If you pass it a session variable and there's a valid sessionid it returns the user information.

EITHER WAY.

Here's my function that uses my class. I'm a bit of a amateur so, if anyone sees a better way of doing this, please let me know...

function validSession() {
	if(!(isset($_COOKIE['SessionNameId']))){ print "false"; }else{
		$request = new RestRequest('http://mainstreetmower.com/api/test/user', 'GET');
		$request->setCookieSession($_COOKIE['SessionNameId']);
		$request->execute();
		$result = json_decode($request->getResponseBody ());
		print (isset($result[0]->uid) ? 'true' : 'false');
	}
}
drewish’s picture

Yeah that does seem confusing, system.connect *says* it returns "the details of a new anonymous session" but it looks like it should return any user.

Update: that should have read the *current* user... which might be anonymous.

ygerasimov’s picture

Status: Active » Fixed

system.connect return drupal object of current user. So if you have session id just put it in the cookie and check what user system.connect will return. If it is user you expect -- he is still logged in. If anonymous user -- your session has expired. I don't think we need to change this.

Here is code of system.connect callback

<?php
function _system_resource_connect() {
  global $user;
  services_remove_user_data($user);

  $return = new stdClass();
  $return->sessid = session_id();
  $return->user = $user;

  return $return;
}
?>
drewish’s picture

Component: Code » Documentation
Category: support » bug
Priority: Normal » Minor
Status: Fixed » Active

ygerasimov, then "the details of a new anonymous session" is incorrect, it's the current session. we need to fix the docs for that. and we should also expose a description in the UI since it's not at all obvious what that method does unless you open up the code.

ygerasimov’s picture

Status: Active » Needs review
StatusFileSize
new542 bytes

Ah. Understand. Do you think attached patch changes are good enough description?

I completely agree that it would be nice to have description of actions, relationships and targeted_actions in the UI. But I think we should create separate issue for this.

Status: Needs review » Needs work

The last submitted patch, services-1642412-system-connect-better-documentation.patch, failed testing.

drewish’s picture

Status: Needs work » Reviewed & tested by the community

Yeah that's great.

ygerasimov’s picture

Status: Reviewed & tested by the community » Fixed

I have added 'help' property of the connect method and comitted to both 7.x-3.x and 6.x-3.x branches.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.