[Midas] authenticated access

Zach Mullen zach.mullen at kitware.com
Thu Jun 28 13:13:35 EDT 2012 

If you aren't using AJAX calls or something else that shares the browser's
cookies and sends them automatically, we have a mechanism that will let you
manually set the session ID in your request.  We use this mechanism in our
Flash uploader since it does not use the browser's cookies.

You will need to pass the session ID down to the application that needs it.
 You can get the current session ID by calling session_id() with no
parameters. (http://php.net/manual/en/function.session-id.php)

Now that your application knows the session ID, you can pass it with your
request by adding the POST parameter "sid" set to the session ID.  Midas
currently requires you to POST the parameter for security reasons.  The
"useSession" parameter should work then.

Thanks,

Zach


On Thu, Jun 28, 2012 at 12:51 PM, Zach Mullen <zach.mullen at kitware.com>wrote:

> Hi Mona,
>
> It looks like the session isn't being shared properly with Annio.  Is
> Annio calling the web API using javascript AJAX calls, or something else?
>
> Thanks,
>
> Zach
>
>
> On Wed, Jun 27, 2012 at 8:56 PM, Mona Wong <mona at sdsc.edu> wrote:
>
>>
>> Hi Zach:
>>
>>        I'm trying to get the useSession parameter working for the web API
>> call from the application Annio but am getting
>> "{"stat":"fail","message":"This item doesn't exist or you don't have the
>> permissions.","code":-151}" returned instead.
>>
>>        The interesting thing is that I am able to make the call manually
>> in my browser and it works.
>>
>>        Annio and Midas are installed on the same server (
>> http://idash-images.sdsc.edu/annio/ and
>> http://idash-images.sdsc.edu/midas/, respectively) and I know the
>> session has not expired yet.
>>
>>        Any other idea why Annio get a failure result while the browser
>> works fine?
>>
>> thanks,
>> Mona
>>
>>
>> On Jun 25, 2012, at 6:14 PM, Zach Mullen wrote:
>>
>> > You may be able to use the session for this; if you pass the
>> "useSession" parameter to a web API method, it will attempt to use session
>> authentication instead of the web API token, but this only works for
>> clients that support session cookies.  So the question is, how is Annio
>> going to write data back into Midas?  If the application is running in the
>> same place as Midas, you should be able to just pass useSession to the web
>> API assuming the user's session is still active.  That seems to me that it
>> would work because Annio is an HTML5 application and is running in the
>> browser, so it would have all of the same session cookies from the Midas
>> instance.
>> >
>> >
>> > Thanks,
>> >
>> > Zach
>>
>> *********************************************
>>    Mona Wong
>>    Web & iPad Application Developer
>>    San Diego Supercomputer Center
>>
>>     You are the light you wish to see.
>> *********************************************
>>
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://public.kitware.com/pipermail/midas/attachments/20120628/7f0be441/attachment.html>

More information about the Midas mailing list