
I have an API login that uses a session. When the mobile app uses the login feature, it actually hits the API. In the API login, I create a login session, so when the user logs in, the response contains the session data. Check my code below:

  public function user_post()
  {
    $data = array (
      'username' => $this->input->get_post('username'),
      'password' => sha1($this->input->get_post('password'))
    );

    $result = $this->login_m->user_check($data);
    if ($result ) {
       foreach ($result as $row ) {

        $sess_array = array(
                    'username' => $row->username,
                    'email'    => $row->email
                    );

        $this->session->set_userdata('logged', $sess_array);
        $this->response(array('success' => $this->session->userdata('logged') ));
      }
    } else {
      $this->response(array(404 => 'missing parameter'));
    }
  }

And the response will look like this:

  {
    "success": {
      "username": "johndoe123",
      "email": "myemail@my.com"
    }
  }

My question is: how do I get the session to validate an API POST? Example:

I have a POST API to store new data. I imagine this way would be good: set a param to catch the session named 'logged' using CodeIgniter. The session 'logged' already has the email and username, so I will use it as a condition to check whether the email and username are in the table.

  $this->session->has_userdata('logged')

So the mobile app needs to save the session in the app and send it again as params. The code would be like this:

  $data = array(
    'idcardno'    => $this->input->get_post('idcardno'),
    'dateofbirth' => $this->input->get_post('dateofbirth')
  );

  // Pass the array built above ($data; the original referenced an undefined $data2).
  $addnewpolis = $this->modelname->modelmethod($data);

thank you guys,

CMIIW

Bobby Z
  • You cannot use sessions like you want in your code with external api calls. You may generate a token from the login and return it. Then on next api calls from your mobile, send this token in order to know the user identity. – zeflex Jun 11 '15 at 03:22
  • Why can't it? How about returning the session_id in the response so the mobile app will send it back, and adding 1 param to retrieve the session_id and extract it? @zeflex – Bobby Z Jun 11 '15 at 03:35
  • http://stackoverflow.com/questions/8711044/is-it-good-to-implement-rest-api-using-sessions – zeflex Jun 11 '15 at 03:45
  • OK, thanks @zeflex. Do you have any tutorial for creating a token? – Bobby Z Jun 11 '15 at 03:58
  • When someone logs in to an API, the API sends back an auth token. Each time you call the API you need to send that auth token too, so that the API understands it's you. So you have to understand how you will handle the auth token. You already described a way. – Shaiful Islam Jun 11 '15 at 04:58

1 Answer


You cannot use sessions like you want in your code with external api calls. You may generate a token from the login and return it. Then on next api calls from your mobile, send this token in order to know the user identity.

Why: Is it good to implement REST api using Sessions?

To generate a token: https://www.google.com/search?q=generate%20token%20php&rct=j

Then return it in your response and save it somewhere in order to retrieve it on next calls.

zeflex
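
The token flow described in the answer above, as an added example that is not part of the original question or answer: login returns a random token, and later calls are authenticated by looking that token up server-side. The names `issue_token`, `validate_token`, `$tokenStore` and `TOKEN_TTL`, the `Authorization: Bearer` header, and the use of `password_hash()` in place of the question's `sha1()` are assumptions made for illustration.

```php
<?php
// Added example: opaque bearer tokens for a mobile API, plain PHP 7.1+.
// $tokenStore stands in for a database table (hypothetical name). Only a
// SHA-256 hash of each token is kept, so a leaked table yields no usable tokens.
const TOKEN_TTL = 3600; // seconds a token stays valid (assumed value)

function issue_token(array &$tokenStore, string $username, int $now): string
{
    $token = bin2hex(random_bytes(32));           // 256 bits from the CSPRNG
    $tokenStore[hash('sha256', $token)] = [
        'username' => $username,
        'expires'  => $now + TOKEN_TTL,
    ];
    return $token;                                // returned to the app once, at login
}

function validate_token(array &$tokenStore, string $token, int $now): ?string
{
    $key = hash('sha256', $token);
    if (!isset($tokenStore[$key])) {
        return null;                              // unknown or forged token
    }
    if ($tokenStore[$key]['expires'] <= $now) {
        unset($tokenStore[$key]);                 // expired: remove the record
        return null;
    }
    return $tokenStore[$key]['username'];         // identity for this request
}

// Constructed demo data: one user whose password is stored with password_hash().
$users      = ['johndoe123' => password_hash('correct horse', PASSWORD_DEFAULT)];
$tokenStore = [];
$now        = time();

// Login request: verify the password, then hand back a token.
$token = password_verify('correct horse', $users['johndoe123'])
    ? issue_token($tokenStore, 'johndoe123', $now)
    : null;

// Later request: the app sends "Authorization: Bearer <token>".
$header = 'Bearer ' . $token;
$sent   = preg_match('/^Bearer ([0-9a-f]{64})$/', $header, $m) ? $m[1] : '';

var_dump(validate_token($tokenStore, $sent, $now));                // token just issued
var_dump(validate_token($tokenStore, str_repeat('0', 64), $now));  // token never issued
var_dump(validate_token($tokenStore, $sent, $now + TOKEN_TTL));    // same token after expiry
```

In a CodeIgniter controller the same check would run before the insert, with the user name taken from the validated token rather than from a request parameter.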