Hi All,
I have contact management / CRM application used in-house by our company, It is a web based app and thus uses a lot of Ajax. Most of the data is JSON, and the backend server uses PHP with MySQL as the database...
I would like to build a mini Adobe Air version of that, mostly because I can use Drag and Drop file uploads, client side image resizing, client side screenshot creation of uploaded files etc. etc.
Now, because the server side is a glorified JSON data provider, I figure I can adapt it to provide data to the AIR app.
My problem is, how do I handle authentication?
In PHP I use sessions for authentication...
For AIR i figure it will be more like a JSON webservice, where you call a certain URL to access certain JSON data.
After a bit of brainstorming, here is what I came up with:
- The user logs in when the AIR app starts
- The server returns an unique token on successful login, and stores that token in the DB
- The AIR app has to append that token to every request it makes to the server
- On every request, the server checks the validity of the token by comparing it to the one stored in the DB.
The questions are,
is there a better way than this?
How long should the token be valid for?
How do i handle clients that close the application without logging out, and without giving me a chance to nullify the token on the server?
If anyone has been in a similar situation, I hope to be enlightened by your answers...
thanks