Restlet 中的会话?
我刚刚实现了我的第一个 Restlet 应用程序(最后:]),现在我遇到了一个更大的问题。我构建了一个名为 LoginResource 的非常简单的资源,它允许使用 POST 和 GET 操作来允许用户登录并检查他们是否分别登录。现在我已经实现了这一点,并且实际上可以让客户端调用服务器“登录”并查看结果,那么我如何真正跟踪某人是否登录?
我的应用程序需要以下内容:
- 我需要一种方法让客户端最初登录并能够查看他们是否通过资源登录。
- 我需要通过另一个资源提供对对象列表的“安全”访问。这非常简单,但这取决于我是否能够控制访问,到目前为止我无法做到这一点,因为我没有任何激活会话的感觉。
有没有一种简单的方法可以让我启用会话并使用户保持登录状态一段时间?如果这是 PHP,这将是我的代码:
// login.php: login code
$username = $_POST['username'];
$password = $_POST['password'];
if (validate($username, $password)) {
session_start();
$_SESSION['is_logged_in'] = "yarp";
echo get_login_success();
} else {
echo get_login_failure();
}
// list.php: display list of objects
if (isset($_SESSION['is_logged_in']))
echo get_object_list();
else
echo get_security_error();
我讨厌将其全部带回 PHP,但是,嘿,它可以快速生成伪代码。
I have just implemented my first Restlet application (finally :]) and now I'm onto a bigger question. I built a really simple resource called LoginResource, which allows a POST and a GET operation to allow users to login and to check if they're logged in, respectively. Now that I've implemented this and I can actually have a client call the server, "log in," and see a result, how can I actually keep track of whether someone is logged in or not?
My application needs the following:
- I need a way to have a client initially log in and be able to see if they're logged in via a resource.
- I need to provide "secured" access to a list of objects via another resource. It's pretty simple, but it depends on me being able to control access, which as of right now I'm unable to do as I don't have any sense of sessions activated.
Is there an easy way to allow for me to enable sessions and keep users logged in for a time? If this were PHP, this would be my code:
// login.php: login code
$username = $_POST['username'];
$password = $_POST['password'];
if (validate($username, $password)) {
session_start();
$_SESSION['is_logged_in'] = "yarp";
echo get_login_success();
} else {
echo get_login_failure();
}
// list.php: display list of objects
if (isset($_SESSION['is_logged_in']))
echo get_object_list();
else
echo get_security_error();
I hate to bring it all back to PHP, but hey, it makes for quick pseudo-code.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
查看 HTTP Basic、HTTP Digest 和 HTTP OAuth 身份验证(均受 Restlet 支持)。
对于某些客户端(例如浏览器),REST 中仍然使用基于 cookie 的身份验证,但没有服务器端会话。
检查此链接:
http://restlet.tigris.org/issues/show_bug.cgi?id=605
Have a look at HTTP Basic, HTTP Digest and HTTP OAuth authentications (all supported by Restlet).
For some clients such as browsers, cookie based authentication is still used in REST but without a server-side sesssion.
Check this link:
http://restlet.tigris.org/issues/show_bug.cgi?id=605