WebService and session

Hello, I’m creating a serie of “WebServices” from a rails application so that an iOS App will be able to communication with the WebApp. Basically I’m creating functions that get a json request, analyse it and send a json result…I’ve never done that before and I have a huge problem: I have no idea how to manage session for WebServices. The idea is that a user log from the iOS App to the WebApp using a webservice. I was able to create a function that does the login but how do I do to remember the user next time the App calls a webservice? In my WebApp it’s pretty easy, I check the session for user information but in that case I have no clue about what to do…I thought of saving the session in a DB table but doesn’t seems like the best solution, is there any way a session can be loaded from a token or something?

Oh, I’m working with rails 2.3.5 btw…

You probably want to assign some kind of Token/API Key to each user. You can use that in your requests (be it in the request params or in the header) and then authenticate in your controllers. I would look into the “authenticate_or_request_with_http_token” method which checks your request headers for the Token. Then in your iOS application, you can ‘login’ a user by saving their API key (I’m unfamiliar with iOS…I know Android has SharedPreferences and Database possibilities for storing data) and then each time you need to use communicate with the Rails web service, pass that Token in the headers or however you do it. I believe you do not need to simulate/worry about ‘sessions’.

Now that I look into the http_token method I recommended, it doesn’t look like it was implemented until Rails 3.0 and you mentioned your on 2.3.5. Taking that into account, there are other ways out to accomplish the same thing if you go with the token-in-the-header approach. One that I can think of is just pull out the token in the request header manually then do the authentication.

Ok, I added the token and it works just fine to authenticate the user each time a webservice is called, the thing is using a session would be much easier than sendding all the data needed when a webservice is called (some of them are pretty tricky), is there any way to retrieve a session precedently created? With an id or something maybe? I google it but didn’t find any usefull answer…

Well, after looking further it seems that I would have to use a DB Session Storage system as I though and I’d rather avoid this so I guess I’m just gonna go with the token and that’s it

If you’re going to be using this verification everywhere, you could put your Token verification in your ApplicationController as a before_filter then you can always skip that for certain controller actions you don’t need it.