Pass Aura.Auth credentials to Jquery autocomplete

9 views
Skip to first unread message

Andy Tr

unread,
Mar 7, 2017, 9:53:43 AM3/7/17
to The Aura Project for PHP
Hi,

I thought I'd posted this earlier today, but can't find the thread, so apologies if this comes up twice ...

I'm in the process of building a small multi-tentant web app using Aura.Auth for authentication.  Each tenant has their own unique copy of the DB, so once logged in, the query is executed against the DB for the authenticated user.

I need to use Jquery autocomplete to display on a form input, but the data needs to come from the tenant's own DB.  Is there a "correct" way to pass through the authenticated user's credentials, so that the PHP script that is executed by Jquery is able to retrieve records from the correct tenant's DB, please?

I've read somewhere that I could use an authentication token which expires, but this could obviously be stolen and used by somebody else before the expiry date/time.  Does this need to be combined with the user's external IP address or is there a better method, please/

Cheers

Andy

Chris Johnson

unread,
Apr 13, 2017, 9:39:35 PM4/13/17
to The Aura Project for PHP
If I understand your question correctly:  This sounds like a use for cookie-based PHP session IDs.  The browser should send the authenticated session ID with every request it makes.  The backend process would need to verify the ID as valid.

For example, I use jQuery to do AJAX requests for page data.  All web server requests to my PHP code including AJAX are validated/authenticated the same way, using Aura.Auth.

PHP session IDs generated using PHP's default algorithm are cryptographically secure, in that valid IDs cannot be guessed.  Certainly someone who intercepted one could re-use it, but there are a number of steps one should take to keep them secure.  (more info on security here:  http://php.net/manual/en/features.session.security.management.php)

Does this help at all?
Reply all
Reply to author
Forward
0 new messages