tags:

views:

22

answers:

1
Q: 

zend framework question

Hi stackworld,

Well heres my question.

In my project im using a rest service to authenticate clients. That part is ok as I have used a simple authentication by hashing a user id and a password together. After the authentication I want to open to the users few other rest services through the modular scheme in zend framework.

I am currently having the following directory structure,

Default/
       IndexController
       ErrorController
       LoginController
Modules/
       player/...
       game/...

So the users will not be able to access player api if the initial login that they did is successful. Its almost as if I have to keep a session variable to check if the users have authenticated initially before using the other rest services. How can I go about doing this ?

+1  A: 

You can either store a cookie/session variable that the user must pass along with their request, or you can assign them a token that they must pass along with their request. It's more "restful" if you use a token instead of a cookie.

Andrew  2010-10-23 17:12:35
the other way i was planing on doing in the end was to use a plugin to confirm the authentication everytime. which will avoid the token or session setting. all i wanted to do after all was to stop the api from opening to the whole world without some sort of auth.
kuzyt  2010-10-23 22:00:04

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication