使用RestKit进行“永久”会话的正确方法是什么?
最简单的方法是在服务器端进行长时间会话,但不确定浏览器版本是否安全。 如果会话过期,我宁愿隐式重新登录,但在这种情况下,我必须处理会话到期,发送新的登录请求,接收响应并再次发送目标请求。 来源变得更加复杂。
RestKit中是否有可以自动管理的功能? 也许只使用CakePHP的功能保持iPhone应用程序的持久会话和Web版本的短暂会话?
谢谢,维克多
What is the correct way of making "persistent" session with RestKit?
The most simple way is to make long session at the server side, but not sure it's safe for browser version. I prefer to implicitly re- login if session is expired, but in this case I have to handle session expiration, send new login request, receive response and than send again a target request. Sources become more complicated.
Is there any features in the RestKit which allows manage that automatically? Maybe just keep persistent session for iPhone app and short one for web version using features of CakePHP?
Thanks, Victor
最满意答案
您可能需要会话才能进行身份验证/授权才能正常工作?
我目前正在iOS上开发一个RestKit项目。 根据我的需要,我所做的与RestKit创建者的讨论板示例非常接近。
在iOS中,你可以写一个uniqueSecurityToken给NSUserDefaults 。 它可以是iOS应用程序中用户模型的属性模型。 在Rails上(我做了一个假设),如果你有Authlogic / Sorcery这样的认证,很容易覆盖current_user方法或者根据令牌分配一个方法。
例如,
def user_access_token request.headers["HTTP_X_USER_ACCESS_TOKEN"] || request.headers["HTTP_USER_ACCESS_TOKEN"] end def check_for_mobile_token if token = user_access_token current_user = User.find_by_remember_me_token(token) || current_user end end您可以调用before filter以确保始终检查身份验证。 在IOS端,告诉RestKit在头文件中发送uniqueSecurityToken作为HTTP_USER_ACCESS_TOKEN 。 请注意,这可能不是最安全的方法,您至少应该有HTTPS,以便传输被加密。
这里是RestKit讨论板项目(对于RestKit / IOS非常有用) https://github.com/RestKit/RKDiscussionBoard
这是一个概述Rails / iOS集成的Rails演示文稿http://www.slideshare.net/maximeguilbot/rails-as-ios-application-backend
如果您使用的是Rails以外的其他REST框架,则也可以引用JSON技术。
You probably want the session in order to for authentication/authorization to work?
I'm currently working on a RestKit project on iOS. For my needs, what I did was very close to the discussionboard example by RestKit's creators.
in iOS, you can write a uniqueSecurityToken to NSUserDefaults. It can be a property model of your user model on the iOS app. On Rails (Im making an assumption), if you have a auth gem like Authlogic/Sorcery, it's very easy to either override the current_user method or assigning one based on token.
For example,
def user_access_token request.headers["HTTP_X_USER_ACCESS_TOKEN"] || request.headers["HTTP_USER_ACCESS_TOKEN"] end def check_for_mobile_token if token = user_access_token current_user = User.find_by_remember_me_token(token) || current_user end endYou can call a before filter to make sure that the authentication is always checked. on the IOS side, tell RestKit to send the uniqueSecurityToken as HTTP_USER_ACCESS_TOKEN in the headers. Note that this is probably not the most secure method, you should at least have HTTPS so that the transport is encrypted.
Here's the RestKit Discussion Board Project (very useful for RestKit/IOS) https://github.com/RestKit/RKDiscussionBoard
Here's a Rails Presentation that outlines Rails/iOS integration http://www.slideshare.net/maximeguilbot/rails-as-ios-application-backend
If you're using another REST framework other than Rails, you can reference the JSON techniques too.
更多推荐
发布评论