Questions about login
-
giaf1
-
Topic Author
-
Offline
-
New Member
-
Less
More
-
Posts: 3
-
Thank you received: 0
-
-
8 years 9 months ago #4725
by giaf1
Hi,
sorry if my questions may seem obvious but I'm new about REST architecture and webservices; I've added jBackend to my Joomla test site (I will need it later for manage users access from a mobile app to Joomla site), I made a login request through a client using GET method, the JSON response is:
{
"status": "ok",
"userid": "...",
"username": "...",
"session_id": "..."
}
(dots are hidden values)
so the login has been successful;
1) this means that should I be logged in my website (frontend side)?
However I checked but I'm not logged in, neither frontend or backend side, but if I made an "User status" request JSON response is: "status": "ok", "is_guest": 0 ...;
2)REST login is different than website (frontend or backend) login?
P.S. My rest endpoint is set on "Public" access, in JBackend - User Module option panel I set "JSON Login" to "Yes", "JSON Register" to "Yes" and "Enable session id" to "No"; about "session id",
3)why I have a "session_id" parameter in JSON response if i put "Enable session id" to "No" in option panel?
4)what if I put "Enable session id" on "Yes"?
5)If I disable session_id, so I do NOT override cookie based session, should I be logged in my site (frontend) after made REST login?
Thank you
Please Log in or Create an account to join the conversation.
Less
More
-
Posts: 3194
-
Thank you received: 441
-
-
8 years 9 months ago - 8 years 9 months ago #4728
by admin
Hi,
after you make the first request you are logged to Joomla (sessions are cookie based). The session_id provided in the response is just an information (the same you could see from a browser inspecting cookies). And you can verify your session id on the session table. For subsequent requests you need to pass the cookie even for your REST requests. This means, as example, you have to use withCredentials option in $http if you will use AngularJS.
The plugin option "Enable session id" is NOT related to the session_id you get in the response. It was added in the latest version to manage sessions when you can't rely on cookies. In these situations Joomla will not find the session id in the cookie so any request is a "new guest" request. With this option jBackend will take the value of session_id input parameter and will try to "inject" it in the Joomla session.
Thus, if you can rely on cookies, you can leave "Enable session id" off.
More info here:
www.selfget.com/documentation/jbackend-joomla30/user-module-api.html
Kind regards,
Luigi
Last edit: 8 years 9 months ago by admin.
Please Log in or Create an account to join the conversation.
Time to create page: 0.151 seconds