Here is what I did:
1. Used HTTP Basic Authentication:
    class AppController extends Controller {
        public $components = array(
            'Session',
            'RequestHandler',
            'Auth' => array(
                'authenticate' => array(
                    'Basic' => array(
                        'fields' => array('username' => 'email'),
                        'realm' => 'touch'
                    ),
                ),
            )
        );
    }
2. Created a login method which allows cross-domain requests and cross-domain authorization:
    class UsersController extends AppController {
        public function login() {
            // CORS: accept any origin and allow the Authorization request header
            header("Access-Control-Allow-Origin: *");
            header("Access-Control-Allow-Headers: Authorization");
            $response = false;
            // Auth->login() checks the Basic credentials sent with this request
            if ($this->Auth->login()) {
                $response = true;
            }
            $this->set('response', $response);
        }
    }
3. I've added this line to the router file so that I can use JSON:
    Router::parseExtensions('json');
4. On the client side, I make the login request using ajax like this:
    $.ajax({
        url: url,
        dataType: "json",
        crossDomain: true,
        beforeSend: function (xhr) {
            xhr.setRequestHeader("Authorization", "Basic " + Base64.encode(email + ":" + password));
        },
        success: function (response) {
            console.log(response);
        },
        error: function (xhr, ajaxOptions, thrownError) {
            console.log(xhr);
        }
    });
The problem is that after I log in successfully, the next ajax requests get 401 (Unauthorized). I've tried to debug the problem, and it seems that once the client logs in, the next ajax requests get 401 because the get user method in the BasicAuthenticate class can't get the user via env('PHP_AUTH_USER') and env('PHP_AUTH_PW').
Any idea why, after a successful ajax login, the next ajax requests get a 401 (Unauthorized) response? Why can't the authentication system get the user by env('PHP_AUTH_USER')?
On Friday, June 22, 2012 1:05:27 PM UTC+4:30, Dr. Tarique Sani wrote:
See http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#creating-stateless-authentication-systems
Tarique
On Tue, Jun 19, 2012 at 3:35 AM, Arash wrote:
> Hi,
> We are working on a mobile app for our SAAS website which uses Cake 1.3,
> we've decided to use jQuery Mobile + PhoneGap so we will use the HTML5 power
> for building a mobile app.
>
> The whole app is an HTML page with a few js and css files which will be
> running natively on the mobile and will interact with server with Ajax.
>
> The problem we encountered here is that using the cakephp Auth the session
> id is not being saved on the browser (because the page is not being served
> from a webserver I think) so we don't have access to the session and we
> can't know for sure if the user is authenticated or not.
>
> I've seen some mobile authentication systems that provide a Token after
> login, save it in browser local storage and send this token with each ajax
> request to the server, the server checks the token and if it is valid then
> serves the data.
>
> Is there any reasonable way of authenticating users on a mobile app using
> the Auth component?!
>
> --
> Our newest site for the community: CakePHP Video Tutorials
> http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help
> others with their CakePHP related questions.
>
>
> To unsubscribe from this group, send email to
> cake-php+unsubscribe@googlegroups.com For more options, visit this group at
> http://groups.google.com/group/cake-php
--
=============================================================
PHP for E-Biz: http://sanisoft.com
=============================================================
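An added example, not part of the original thread or of CakePHP: a small Node.js model of a stateless HTTP Basic check, showing that a request sent without the Authorization header gets 401 even after an earlier request with the header succeeded. It assumes the follow-up ajax requests in the question were sent without that header; handleRequest, withAuth, USERS and the sample account are hypothetical names and constructed data.

```javascript
// Added example (constructed data): stateless HTTP Basic authentication.
// The server keeps nothing between requests, so every request needs the header.

// Client side: build the header value. Encode as UTF-8 so non-ASCII survives.
function basicAuthHeader(email, password) {
  return "Basic " + Buffer.from(email + ":" + password, "utf8").toString("base64");
}

// Server side: recover the user/password pair from the header (the values PHP
// exposes as PHP_AUTH_USER and PHP_AUTH_PW). Split on the FIRST colon only,
// because the password itself may contain colons.
function parseBasicAuth(header) {
  const m = /^Basic\s+([A-Za-z0-9+\/=]+)$/i.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const i = decoded.indexOf(":");
  if (i < 0) return null;
  return { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Constructed sample account; a real server compares against a password hash.
const USERS = new Map([["user@example.com", "s3cret:pw"]]);

// Hypothetical stateless handler: returns the HTTP status for one request.
function handleRequest(headers) {
  const creds = parseBasicAuth(headers["Authorization"]);
  if (!creds || USERS.get(creds.user) !== creds.pass) return 401;
  return 200;
}

// Client helper: return a copy of the request options with the header attached.
function withAuth(options, email, password) {
  const headers = Object.assign({}, options.headers, {
    Authorization: basicAuthHeader(email, password),
  });
  return Object.assign({}, options, { headers });
}

function demo() {
  const login = withAuth({ url: "/users/login.json" }, "user@example.com", "s3cret:pw");
  const bare = { url: "/items.json", headers: {} }; // header omitted after login
  const authed = withAuth({ url: "/items.json" }, "user@example.com", "s3cret:pw");
  return [login, bare, authed].map((r) => handleRequest(r.headers));
}

console.log(demo());
```

In the jQuery client from the question, the counterpart of withAuth is running the same beforeSend on every $.ajax call, not only on the login call. A cross-origin request that carries an Authorization header is also preceded by a CORS preflight OPTIONS request, so the other actions need to return the same Access-Control-Allow-* headers that login() sets.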