PHP Sessions translate horribly to the Open Social model in my opinion. This is especially true when you realize that the application is installed on different people's pages ... ie on your own page (owner=John, viewer=john), on your friend's page (owner=Jane, viewer=John), and can also be seen on a preview page (owner = viewer = none).
If you start a session and store 'owner = john' in that session, and the person then goes to his friend Jane's page, the domain and cookie is still the same so you would be using the owner=John information, while it should be owner=Jane ! So a normal php $_SESSION type setup is pretty much useless. Second problem with applications is that you often want to verify that it is indeed John or Jane, and not some sneaky hacker pretending to be Jane (by crafting a http://host.com/userId=jane type url), that's what the signed request is made for.. Check http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSignedRequests for how this works on orkut.com... hi5 etc are all the same, except they have different certificates :) The use the owner id or viewer to store the 'state' in your database.. and your good to go :) -- Chris On Jun 23, 2008, at 3:09 PM, krishna chaitanya wrote: > > Hi All > > I am new to Web App Devlopement. Need Help on following requirement. > > I am calling a PHP page from the os application. The php page is > creating a new session for every page request. Suppose If I save some > info in php session when first page is called I am not able to save it > when I called it for the second time. So I am forced to send the > user_id and user_name to every php again and again. > > Is there any workaround for this? > > I have multiple tabs in the app. Every tab will have an iframe which > will have src as a differnt ph page link. So whenever tab is switched > a new php call is made and that call is creating a new session. > > Any solutions??? > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial Application Development" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---
