I have a django blog project and a chat in PHP.
I need to share the id of the user logged in django ( request.user.id ) with the chat in PHP.
Is this possible ?
+2
A:
I don't think using sessions in this way is a good idea, since they're designed to keep data temporarily for a certain user in an application. It might be a better idea to store the id in a cookie and read that in the chat, or pass a variable in the link.
Arda Xi
2010-06-05 11:04:27
If I save the user id in the cookies then some lamers ( or hacker ) can edit it and chatting with another username and another friendslist ( because for every user id there are a certain friendlist ).
xRobot
2010-06-05 11:33:52
Of course you'd need to include some kind of hash to make sure it's legit. The same thing can happen with sessions by the way. Something like `md5($userid."salt".time())` will work, then check that later, include the IP of the user if you wish.
Arda Xi
2010-06-05 12:01:18
+2
A:
You could use HTTP authentication for this. As long as both applications are on the same domain and the realm name (sent in the WWW-Authenticate header) is the same for both, once a use logs into one or the other application, the REMOTE_USER variable will be available to both and will contain the username of the person logged in.
AdmiralNemo
2010-06-05 15:25:48
That would work, but for most people HTTP authentication will be out of place compared to the usual HTML form auth.
Arda Xi
2010-06-06 10:46:25