TASK: My organization uses a CMS called Expression Engine for some
legacy functionality. I would like to build a user interface to some
new functionality in CakePHP. I want the authentication from EE to
be somewhat integrated so that the user need not log in twice. I
can execute arbitrary PHP conditionally on whether the user is logged
into EE and can access the user's ID, so that side of things isn't
difficult.
The tricky part is setting something so that Cake knows the user is
logged in. I've thought of three different approaches, but the most
promising one isn't working for me. I'm hopeful it's because of my
lack of understanding of sessions in CakePHP, rather than the inherent
impossibility of the approach.
== Approach 1: Store session data, retrieve it in CakePHP ==
Figuring that there out to be some way to store session data, I got as
far as this in the CMS:
<?php
session_name('CAKEPHP');
session_start();
?>
{if logged_in} <!-- These are just CMS-specific tags to prove that I
can tell I'm logged in -->
THE MEMBER ID IS {member_id} <br />
<?php
//It doesn't really matter what I'm setting it to here; just some
arbitrary value.
$_SESSION['ee_member'] = sha1('ee_member');
var_dump($_SESSION);
if (empty($_SESSION['count'])) {
$_SESSION['count'] = 1;
} else {
$_SESSION['count']++;
}
echo "count is ".$_SESSION['count']."<br />\n";
echo "session name is ".session_name()."<br />\n";
?>
OK, I can see this working -- for example, the $_SESSION['count']
thing works and the session name is CAKEPHP.
However, in my Cake controller when I try to retrieve the session
data:
echo $this->Session->read('ee_member');
echo "<br /><br />\n\n";
echo "Count is: ".$this->Session->read('count');
echo "<br /><br />\n\n";
None of that shows up, so I infer that the session must be getting
restarted by CakePHP or somehow my data put in there is getting
clobbered. Is this a correct inference?
Is there any way to make this approach work that I'm just missing?
== Approach 2: Store non-session cookie; retrieve it in Cake ==
I haven't tried this yet because I've been trying to get #1 working.
But it seems plausible. Any feedback?
== Approach 3: Store the client IP address in the database for a given
user ID; retrieve it in Cake ==
This is my least favorite approach because my understanding is that
there could be some way for a user to simulate an IP address and hence
impersonate the client who logged in. And of course IP addresses
aren't always stable so this would need to be a very short-term thing
that expires quickly.
In any case I may be missing the forest for the trees (e.g. maybe
there's some way to do easy authentication in Cake and have the CMS
authenticate based on that, i.e. vice versa) and I feel like I'm being
naive about authentication here so I wanted a second opinion.
Thanks,
Philip
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
