Web services are considered stateless requests. There is no "client side
browser" to manage storing a cookie to allow for stateful sessions. A better
solution is to include the authentication with every request made and then
verify the credentials on the server side with each request. With a REST
service for example, you can include these as custom HTTP headers with nonce
salts to encrypt the password itself as it is sent over the wire for
security reasons. A very similar mechanism can be used for SOAP where an
authentication header tag is sent with each request.

This is really the only way to successfully have authentication-based web
services.

On Sat, May 28, 2011 at 4:04 PM, Filipe Dias
<filipediasferre...@gmail.com> wrote:

> Hi all,
>
> I'm developing an application as an API: making requests returns
> simple xml or json files, but I need to save some properties in
> session.
> All available documentation is form login oriented. I got
> authentication getting a connection to a database, using doctrine
> ORM.
> If it is a valid login, result will be a xml/json with success as
> content.
>
> Login is accessed like http://server/login/<username>/<password>/<format>
> logout like http://server/logout/<format>
> and account like http://server/account/<resource>/<format>.
>
> So I got a problem: I can't handle with session storage of symfony,
> because in each request I got a new session id;
>
> Does anyone know:
> 1. how I can get a ROLE_USER (or similar) after received a success
> login
> 2. how I can get all information from session when I access to the
> account with a valid login
> 3. how I can invalidate session in logout resource.
> 4. Which Is the best configuration in security for this situation!?
>
> Cheers,
> Filipe Dias
>
> --
> If you want to report a vulnerability issue on symfony, please send it to
> security at symfony-project.com
>
> You received this message because you are subscribed to the Google
> Groups "symfony users" group.
> To post to this group, send email to symfony-users@googlegroups.com
> To unsubscribe from this group, send email to
> symfony-users+unsubscr...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/symfony-users?hl=en
>



-- 
Gareth McCumskey
http://garethmccumskey.blogspot.com
twitter: @garethmcc
identi.ca: @garethmcc
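
One way to do the per-request check described in the reply above, shown as an added example that is not part of the original thread and is not Symfony's own code. It uses a nonce-salted HMAC digest so the secret itself is never sent; the header field layout, the 300-second window, the sample user and secret, and the in-memory nonce store are all assumptions made for illustration.

```php
<?php
// Added example: field layout, time window and in-memory stores are
// assumptions for illustration, not Symfony APIs.
const MAX_SKEW = 300; // seconds a signed request stays acceptable

// Constructed sample data: per-user API secret, known to both sides.
$secrets = ['filipe' => 'constructed-sample-secret'];
$seenNonces = []; // a real service needs a shared cache with expiry

// Client side: digest = HMAC-SHA256(secret, nonce|created|method|path).
function buildAuthHeader(string $user, string $secret, string $method, string $path, int $now): string
{
    $nonce = bin2hex(random_bytes(16));
    $digest = hash_hmac('sha256', "$nonce|$now|$method|$path", $secret);
    return "user=$user, nonce=$nonce, created=$now, digest=$digest";
}

// Server side: called on every request; returns the user name or null.
function verifyAuthHeader(string $header, string $method, string $path,
                          array $secrets, array &$seenNonces, int $now): ?string
{
    $f = [];
    foreach (explode(',', $header) as $pair) {
        $kv = explode('=', trim($pair), 2);
        if (count($kv) !== 2) return null;               // malformed header
        $f[$kv[0]] = $kv[1];
    }
    foreach (['user', 'nonce', 'created', 'digest'] as $k) {
        if (!isset($f[$k])) return null;                 // missing field
    }
    if (!ctype_digit($f['created'])) return null;
    if (abs($now - (int)$f['created']) > MAX_SKEW) return null; // too old or too new
    if (!isset($secrets[$f['user']])) return null;       // unknown user
    $key = $f['user'] . ':' . $f['nonce'];
    if (isset($seenNonces[$key])) return null;           // nonce already used
    $signed = "{$f['nonce']}|{$f['created']}|$method|$path";
    $expected = hash_hmac('sha256', $signed, $secrets[$f['user']]);
    if (!hash_equals($expected, $f['digest'])) return null; // constant-time compare
    $seenNonces[$key] = (int)$f['created'];              // remember only valid nonces
    return $f['user'];
}

$now = time();
$path = '/account/profile/json';
$h = buildAuthHeader('filipe', $secrets['filipe'], 'GET', $path, $now);
var_dump(verifyAuthHeader($h, 'GET', $path, $secrets, $seenNonces, $now));       // fresh header
var_dump(verifyAuthHeader($h, 'GET', $path, $secrets, $seenNonces, $now));       // same header sent again
var_dump(verifyAuthHeader($h, 'GET', $path, $secrets, $seenNonces, $now + 301)); // checked after the window
```

Because the method and path are part of the signed string, a captured header cannot be reused against a different resource, and the nonce store only has to remember entries for as long as the time window lasts.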
