So, logically, I could include some security checks in the cfc (if session.myID neq arguments.userID set unauthorizedRequest =1) and if I wanted to extend that to include API keys I could modify that logic to check the API key against the user's credentials as well?
Before I start pulling random stuff off google, do you guys have any known good tutorials on using API keys with rest/cfc's ? I'm planning on using these CFC's remotely via iPhone/Android apps, and eventually create a facebook app as well. On Tue, Jul 24, 2012 at 8:17 AM, Alan Williamson <[email protected]> wrote: > > On 24/07/2012 09:15, Jason King wrote: >> >> Thanks again. I thought rest was stateless, so even if I sent an ajax >> call via http to a remote CFC, the user's session state wouldn't be >> included. >> >> For instance, when a user logs in, I create a variable 'session.myID' >> which is the user's userID. Would ajax calls be able to use that >> session info? > > > Yes. as the browser will still include the necessary cookie with that call. > So Application.cfc/.cfm is still honored with a remote CFC call. > > > -- > online documentation: http://openbd.org/manual/ > http://groups.google.com/group/openbd?hl=en -- online documentation: http://openbd.org/manual/ http://groups.google.com/group/openbd?hl=en
