Hello, I am a complete CakePHP beginner and have inherited some code that 
was developed by someone else. The code is a PHP-based server that uses 
CakePHP 2.5 to also expose APIs.

As of today, one can log into the server via login.php which in turn sets a 
cookie - ZMSESSID.

The CakePHP APIs are completely unauthenticated today, and I want to add 
code to them to basically check if ZM_SESSION is set, and if so, respond to 
the API, else return a 401.

I understand that the PHP app and the CakePHP app are separate as far as 
cookie sharing goes, so to make sure it can see the cookie, I've added the 
following line to web/api/app/Config/core.php:

Configure::write('Session', array('defaults' => 'php', 'cookie' => 'ZMSESSID'));

I assume this would make this cookie accessible in the cake layer?

Now how do I go about rejecting API requests if this cookie is not set? Is 
there a common file I can use that rejects all APIs or do I have to go into 
each API controller and add code? Would someone be so kind as to also guide 
me on how I can perform this check?

thanks
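
One way to enforce the check described above in a single place, as an added example that is not part of the original post or the inherited code base: a CakePHP 2.x `AppController::beforeFilter()` that every API controller inherits. It assumes login.php and the Cake app share the same PHP session storage and cookie path, and that login.php writes the logged-in user to a session key; the key name `username` is a placeholder assumption.

```php
<?php
// app/Controller/AppController.php (CakePHP 2.x)
App::uses('Controller', 'Controller');
App::uses('CakeLog', 'Log');

class AppController extends Controller {

    // SessionComponent reads the PHP session selected by
    // Configure::write('Session', ...) in Config/core.php.
    public $components = array('Session');

    // Assumption: login.php stores the authenticated user under this key.
    // Replace with the key the existing login code actually sets.
    const LOGIN_SESSION_KEY = 'username';

    public function beforeFilter() {
        parent::beforeFilter();

        // The presence of a ZMSESSID cookie proves nothing by itself,
        // because any client can send an arbitrary cookie value.
        // Require server-side session data written by a successful login.
        if (!$this->Session->check(self::LOGIN_SESSION_KEY)) {
            // Record the rejection so repeated unauthenticated probing
            // of the API is visible in the application log.
            CakeLog::write('warning', sprintf(
                'Unauthenticated API request to %s from %s',
                $this->request->here,
                $this->request->clientIp()
            ));

            // Rendered by CakePHP as an HTTP 401 response.
            throw new UnauthorizedException(__('Not authenticated'));
        }
    }
}
```

Any API controller that defines its own `beforeFilter()` has to call `parent::beforeFilter()` first, otherwise the check is skipped for that controller.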
