All my pages are of PHP and they need SESSION values for any transaction. If I use oAuth, can I create a session there and use it? Or any other way?
On Thu, Jun 12, 2008 at 4:17 PM, Chris Chabot <[EMAIL PROTECTED]> wrote: > Hey Neo, > > Welcome to the world of gadget development :-) There's a lot of resources > and examples out there of how to write this, they might give you a bit of a > better overview of how to develop gadgets in the open social kind of way. > > Normally speaking gadget writers don't have access to either the container, > nor the shindig server, so their server is on a 3rd domain ... > > Now Sessions are especially bad since the same gadget can be on different > persons pages, one for me == viewer == owner, but also on your friend's page > (same gadget, same browser, same session cookie... however a different > gadget with different info.. woops!) Next to that huge problem, the proxy > server also cache's information (use the REFRESH_INTERVAL param for > makeRequest to control for how long btw), and dynamic sessions + caching > proxies = bad :) (and yes you really want to have caching, since it saves > your behind when you just made a popular app on orkut, myspace and hi5 and > your servers would crumble if you served all the page hits all by your > self). So thats 2 very big reasons not to use sessions in this context. > > So what you would do is that if you need specific information, in the > social setting this will be related to the Viewer ID, or the Owner ID, and > those can be provided in a secure, verified fashion by making signed > requests.. > > There's a how-to-do-this from the gadget point of view at: > > http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSignedRequests > > And for creating certificates on php shindig's side read: > http://svn.apache.org/repos/asf/incubator/shindig/trunk/php/certs/README > > After you follow those steps, the public certificate for your shindig > server is available at http://<your.shindig>/public.crt which you can then > use in the client side to validate the requests, and verify the owner and > viewer id ... and all your logic you kind of hang of of those id's > > > On Jun 12, 2008, at 10:20 AM, Neo Anderson wrote: > > Chris, I got another problem here. >> >> Problem is my container is at port 80. Server is at port 8080. Here, I am >> able to send Ajax requests from the XML file(gadget) to files at port >> 80(container) without any problems. The files on port 80 are (PHP files) >> using sessions and based on these sessions. But the problem is as the >> makeRequest uses proxy, request to that server page goes from port 8080 >> and >> session is created for localhost:80, so session doesn't exist for >> localhost:8080. How can I solve this problem? >> >> >> On Wed, Jun 11, 2008 at 5:11 PM, Neo Anderson < >> [EMAIL PROTECTED]> >> wrote: >> >> Yes, Thank you. >>> >>> >>> >>> >>> On Wed, Jun 11, 2008 at 2:25 PM, Chris Chabot <[EMAIL PROTECTED]> wrote: >>> >>> try: >>>> >>>> <?php >>>> echo json_encode($_REQUEST); >>>> >>>> >>>> i think that will fix a lot of your problems right there :P >>>> >>>> -- Chris >>>> >>>> >>>> On Jun 11, 2008, at 8:59 AM, Neo Anderson wrote: >>>> >>>> <?php >>>> >>>>> json_encode($_REQUEST); >>>>> ?> >>>>> >>>>> I am getting response as below: >>>>> >>>>> throw 1; < don't be evil' >>>>> >>>>> {"http://localhost/makeRequestTest.php":{"body":"\r\n","rc":200}} >>>>>> >>>>>> >>>>> >>>>> >>>> >>> >
