Reserve id in session
It is determined by the webservice provider!
It is determined by the webservice provider!
It is determined not only by the webservice provider, but also by the access method. for example, if you use basic for verification and use a browser for access, a verification box is displayed. if the verification passes, a prompt box is not displayed when the same process accesses the website again.
My problem is that if curl requests webservice, it seems that verification information must be provided each time to complete the call. Is there a solution for verification?
You can check whether the cookie contains a value such as id in the HTTP header. this value must be sent to the server each time a request is sent.
You can check whether the cookie contains a value such as id in the HTTP header. this value must be sent to the server each time a request is sent.
The idea is still incomplete
You are talking about browser verification.
User: $ _ SERVER ['php _ AUTH_USER ']
Password: $ _ SERVER ['php _ AUTH_PW ']
Reference: http://php.net/manual/en/features.http-auth.php
Function authenticate () {header ('www-Authenticate: Basic realm = "" '); header ('http/1.0 401 unauthorized '); echo "You must enter a valid login ID and password to access this resource \ n"; exit;} if (addslashes ($ _ SERVER ['php _ AUTH_USER '])! = 'Adminname' | addslashes ($ _ SERVER ['php _ AUTH_PW '])! = 'Adminadmin') {header ('www-Authenticate: Basic realm = "" '); header ('http/1.0 401 unauthorized'); echo "Sorry, you do not have permission to enter! User = ". $ _ SERVER ['php _ AUTH_USER ']. "password = ". $ _ SERVER ['php _ AUTH_PW ']; // I added this sentence for testing.} enter else {echo! User = ". $ _ SERVER ['php _ AUTH_USER ']. "password = ". $ _ SERVER ['php _ AUTH_PW ']; // I added this sentence for testing. echo"Welcome: {$ _ SERVER ['php _ AUTH_USER ']}
"; // Echo" Old: {$ _ REQUEST ['oldauth ']} "; // echo"
\ N "; echo date ('H: I: s ')."
"; // Pause for 10 seconds sleep (10); // restart echo date ('H: I: s'); header ('www-Authenticate: basic realm = "" '); header ('http/1.0 401 unauthorized');} // you can use it directly to see if you want the result.
You are talking about browser verification.
User: $ _ SERVER ['php _ AUTH_USER ']
Password: $ _ SERVER ['php _ AUTH_PW ']
Reference: http://php.net/manual/en/features.http-auth.php
It should not be what I want. I want to ask two questions:
1. what authentication mechanisms does the open webservice provide? For example, if I say key is a type, http basic verification is also a type, and what other methods are there?
2. I want to know which verification mechanisms are for this purpose: Is there a verification mechanism? When php calls webservice, it only needs to send verification information in the first request, subsequent calls do not need to be verified again-similar to the process of browsing a common page. after you fill in the login information, as long as no timeout occurs, you do not need to log on to any other pages on the website.
Reply by referencing ihefe on the 7 th floor:
You are talking about browser verification.
User: $ _ SERVER ['php _ AUTH_USER ']
Password: $ _ SERVER ['php _ AUTH_PW ']
Reference: http://php.net/manual/en/features.http-auth.php
It should not be what I want. I want to ask two questions:
1. what authentication mechanisms does the open webservice provide? Than ......
This is verification only once. Have you tried the code I gave you? Put the last
Echo date ('H: I: s ');
Header ('www-Authenticate: Basic realm = ""');
Header ('http/1.0 401 unauthorized ');
Remove
Er, that is, http basic verification.
Looking back at this issue today, it seems that curl can be used to send cookies.
Myservice. php
Myproxy. php
Myclient. php
After logging on to myclient. php (or other places), you can directly access myproxy. php and request myservice. php through curl together with cookie in myproxy. php.
What are your comments?
Lz can fully adopt the session mechanism. when you send a request, you establish a session on the server side. after the server processes the user request, it sends the sid to the client, the client can record the information in the cookie. as long as the sid does not expire, verification information does not need to be sent again. Session provides this mechanism.
Lz can fully adopt the session mechanism. when you send a request, you establish a session on the server side. after the server processes the user request, it sends the sid to the client, the client can record the information in the cookie. as long as the sid does not expire, verification information does not need to be sent again. Session provides this mechanism.
But how does the session mechanism apply to webservice?
Reserve id in session
Reserve id in session
It is not clear enough. what is the difference between it and the method I used to pass the verification through the curl proxy?
You do not need to pass the password every time. This poses a security risk and can be solved with a temporary token.
Can I disable cookies, sessions, and other similar mechanisms?
Ah, PHP is not perfect.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
