So this is a general question that I have with regards to RESTFul API architecture.
I'm using Laravel.
I want all users of my website to be able to login/signup to the Website(not the API, I'm not trying to authenticate the origin) through an API. Illustration below
Client --> Web server --> API server
So normal design is that your php
login/logout/signup scripts are on your Web server and when a user tries to login, script goes to DB
to validate, and then you set a session
on the web server and pass a cookie
to the client if they are validate. Now the web server has a reference to that cookie
and anytime the same client comes back web server recognises them. Same way if they logout, the cookie reference on the web server is destroyed.
Now in my illustration, the API server will see the web server as a client if the login/logout/signup scripts are on it. So the API server will create a session and pass the cookie
to the web server. The web server tells the client they have been validated but will not pass the cookie
to it.
So user is client to web server but web server is client to API server.
- Is my understanding correct?
- Can this architecture be done?
from Newest questions tagged laravel-5 - Stack Overflow http://ift.tt/1OsgarA
via IFTTT
Aucun commentaire:
Enregistrer un commentaire