Block of code for managing sessions
matslats - October 26, 2009 - 11:16
| Project: | Services |
| Version: | 6.x-1.x-dev |
| Component: | Documentation |
| Category: | support request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Description
I'm using services for 2 Drupal instances to talk.
It seems wierd that when I connect I get a sessionID for an anonymous user, and when I login, I am given a new sessionID; also there's no easy way to check if the previous session is extant, except by creating a new session and then logging in.
I've written about 50 lines of php to manage this, but I'm sure someone else with better understanding has done it better, or at least could better explain to me how it should be done.
Matthew
#1
I've made some progress and got my session managing code down to 30 lines.
system.connect is not neccessary because it's possible to login using a random string as the sessionid.
There seems to be no way to check if a session is extant i.e. if the client is still logged in.
And login fails if it is already logged in.
But the only way I can see it working is if I assume that sessions never expire.
So should I login once, or on every request?
#2
Hi Matslats, the login may fail if the session is in use (as you said) and if the session format is not accepted by the server (the request produces an exception). When using system.connect, the server generates a valid (and not in use) session.
so, what do you mean with "system.connect is not neccessary"? I can't understand what you mean.
The system.connect should be used once to get a valid session id string, The user.login should be called once to make that session an authenticated session, and then you can use any other services with your authenticated session.
I didn't check if services code introduces expiring or session lifetime. If not, session will behave as the rest of sessions for the http server or sessions altered by Drupal+modules.