I have a PHP-based application running. The user logs in and performs some actions. I have a reverse proxy set up to forward only certain requests to be handled by the mochiweb server, e.g. any request URL with mysite.com/mochiweb gets routed to the mochiweb server.

Now, my question is: how do I authenticate this request using the session information handed out by PHP? I want only the users who have logged in via the PHP front end to be able to access the services of the mochiweb web server. Any stray requests made directly should not be served.

A: 

You could have the Erlang server send an HTTP request with said session cookie to the PHP server and have the PHP server return whether the session is valid or not. For example, here is how I verified a site via reCAPTCHA:

-module(ed_recaptcha).

-license("GPL3").

-export([verify/4]).

-define(RECAPTCHA_URL, "http://api-verify.recaptcha.net/verify").

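%% Requires the inets application to be running (inets:start()).
verify(Private_Key, Remote_Ip, Challenge, Response) ->
    Body = list_to_binary(
             io_lib:format(
               "privatekey=~s&challenge=~s&response=~s&remoteip=~s",
               [Private_Key, Challenge, Response, Remote_Ip])),
    %% httpc replaces the old http module, which is no longer part of OTP.
    %% {sync, false} is dropped: it is a request option, not an HTTP option,
    %% and an asynchronous call would return a request id instead of the reply.
    case httpc:request(post, {?RECAPTCHA_URL,
                              [], "application/x-www-form-urlencoded",
                              Body},
                       [{timeout, 30000}],
                       []) of
        {ok, {_Status_line, _Headers, Response_Body}} ->
            verify_response(Response_Body);
        {error, Reason} ->
            %% Transport failure or timeout: report it rather than crash.
            {error, Reason}
    end.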

verify_response("false\nincorrect-captcha-sol") ->
    {error, robot};
verify_response("false\ninvalid-request-cookie") ->
    {error, robot};
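verify_response("true\nsuccess") ->
    {ok, not_robot};
%% Any other reply is treated as a failed verification.
verify_response(_Other) ->
    {error, unexpected_response}.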
mog
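
One way to apply the approach from the answer to the PHP session case, as an added example that is not part of the original answer: the mochiweb handler forwards the session cookie to PHP and refuses the request unless PHP confirms it. The module name, the `CHECK_URL` endpoint and its `valid` reply body are assumptions; `PHPSESSID` is PHP's default session cookie name.

```erlang
-module(php_session_auth).
-export([handle/1, session_valid/1]).

%% Assumption: hypothetical PHP endpoint, reachable only on loopback, that
%% replies 200 with body "valid" when the forwarded session is logged in.
-define(CHECK_URL, "http://127.0.0.1:8080/session_check.php").
%% PHP's default session cookie name (session.name).
-define(COOKIE, "PHPSESSID").

%% mochiweb loop callback: serve only requests that carry a session PHP accepts.
%% Requires the inets application to be running (inets:start()).
handle(Req) ->
    Sid = mochiweb_request:get_cookie_value(?COOKIE, Req),
    case session_valid(Sid) of
        true ->
            mochiweb_request:respond(
              {200, [{"Content-Type", "text/plain"}], "ok"}, Req);
        false ->
            mochiweb_request:respond(
              {403, [{"Content-Type", "text/plain"}], "forbidden"}, Req)
    end.

%% No cookie at all: a stray direct request, refuse it.
session_valid(undefined) ->
    false;
session_valid(Sid) ->
    %% Accept only PHP's session id alphabet before copying the value into a
    %% header; dollar_endonly stops "$" from matching before a trailing newline.
    case re:run(Sid, "^[A-Za-z0-9,-]{1,128}$",
                [{capture, none}, dollar_endonly]) of
        match   -> ask_php(Sid);
        nomatch -> false
    end.

%% Replay the cookie to PHP and trust only an explicit positive answer.
ask_php(Sid) ->
    Headers = [{"Cookie", ?COOKIE ++ "=" ++ Sid}],
    case httpc:request(get, {?CHECK_URL, Headers},
                       [{timeout, 2000}, {autoredirect, false}], []) of
        {ok, {{_Vsn, 200, _Reason}, _RespHeaders, "valid"}} ->
            true;
        _ ->
            %% Fail closed on timeouts, errors, redirects and other bodies.
            false
    end.
```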