Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
My sessions are working fine, I have a complex custom user permissions system using TankAuth. I started this project as a small one, it has turned into something monstrous. Most of the data is fetched async via javascript frontend. Its basically an API now, with some exceptions.
My question is in regards to sessions. I understand that CI 3 (or later version somewhere) changed the session library to allow multiple ajax calls not to block each other. I have noticed that whilst running multiple ajax requests my application fetches results all together after a delayed time. I'm convinced this is due to blocking of sessions but i am wary to attempt a fix due to security concerns.
How do i stop ajax calls from session blocking each other without risking security?
First off, I believe you're using the word "block" for two different things ...
Here:
I understand that CI 3 (or later version somewhere) changed the session library to allow multiple ajax calls not to block each other.
And here:
I have noticed that whilst running multiple ajax requests my application fetches all together after a delayed time. I'm convinced this is due to blocking of sessions
CodeIgniter 3 didn't just change the Session library - it replaced it with a completely new one, and one of the reasons why was for multiple requests not to interfere with each other (the first quote).
However, the way to achieve that is to use locking (or what you call "blocking" in the second quote and in your question). And you can't avoid this.
What you can do, is call session_write_close() in your requests as soon as they no longer need to modify the $_SESSION array - that will free the lock and close the session for the current request, but still preserving $_SESSION contents for reading.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I wish to know the following: Which one of the following is faster- passing variables to a javascript function and then passing it on to a php file to carry out some operation or running a MySql query to fetch the variables in the php file without passing them? ..Thanks a lot!
For pretty similar request .. if the related value are already available to te client and you need this to some other page then tecnically
the javascript ajax request involve only the internet transfer of the call and the transfer of the result .. the use of database access in addition to sending the request and receiving data also implies the access to the database so normally should be more fast ths ajax method
Unless you have a specific reason for using Javascript, for instance, updating displayed records without reloading the page, use PHP directly. You can always run the php function in a class on a separate file if you wish to keep your html and php separate.
My personal experience of ajax, which you should remember still has to access PHP in order to execute server-side requests, is that it can appear slow. Whether or not it actually is slower, it leaves the page in place whilst executing the code and so might present that illusion to the user.
Also, I think the simplest solution is the best, so if you don't need ajax you shouldn't use it, but if you do need it then there is no reason not to do so that I am aware of.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I am using javascript and Reactjs. We have a very complicated server set up, and it would be quicker if it was possible to use the .env file to store our API keys and access them directly from the client.
I'm sure you can, but you should not. Especially when it comes to security concerns.
Everything the browser reads, writes, or otherwise interacts with is also available to all users to be used as they see fit.
it would be quicker if it was possible to use the .env file to store our API keys and access them directly from the client, [...] there is a way to load .env variable on the code, so its hidden, your just refering to the env file
This would effectively give those API keys to users for them to use as they see fit. There is no way to hide something that is sent to the browser. Nothing is stopping a user from modifying (or completely rewriting) the client-side application for themselves and displaying -- or worse, modifying -- any data present in there.
This is one of the reasons your server should treat every single request and response as a potential attack. Keeping that in mind, including API keys in the response is everything but secure, as a potential attack will pretty much effortlessly harvest your API keys.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I have been searching across the Web to find a solution to this:
Basically what I want to setup is a way to have an HTML page on a live production site to kept updated. This is because I have setup a SilverStripe Application as part of a graphics system (green chroma key) that runs through normal HTML.
AJAX load doesn't seem to be an option here since the load would be every 1 second or half a second to make sure the page is live.
I looked into web socket quite vaguely but the whole concept of integrating it with my project confused me entirely.
Anyone got any ideas of what could be done?
To do this you'll need a combination of:
AJAX, you'll need to never do a full page load after the initial Web 1.0 request.
Session history management, you'll need this in order to not break the browser navigation (e.g. back/forward buttons).
Web Sockets, you'll need this so when new content arrives on the server it is received by the client without first having to poll the server.
Web sockets will be the greatest challenge. I listed them in the order in which you should approach the project, in three phases.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I tried creating a chat application in Php and i used the below logic.
1.Get input from user-1 and insert it into the table.
2.Run an ajax function every 5 seconds to look for new entries in the table and display to user-2.
3.vice-versa.
This procedure is really too very slow and the browser hangs often.
How does the real-time chat application actually works ? Can the database trigger an event automatically in the front-end so that we need not hit the database every 5 seconds? If yes, how it is done?
Thanks.
That strategy is called polling and it served us good in the early 2000s, but it has done its time.
A better enhancement is long-polling. We request a webpage, but the server doesn't immediately respond but waits until there's new information available. When the clients receives the new information, it immediately sends a new request and so forth.
Now in 2015, we have HTML5 Websockets and HTML5 SSE (Server Sent Events), that allows both the client and the server to send data whenever data (on either side) is available.
You might consider using node.js (javascript) or Ratchet (PHP) on your server.
Or just long polling, like facebook...
You can use Websockets, they are supported natively in modern browsers.
https://developer.mozilla.org/en-US/docs/Web/API/WebSockets_API
And use a PHP library to use them server side : http://socketo.me
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I'm using Django and JQuery. I basically want to refresh team's page when the game starts (a game is started manually so the exact time is uknown). So I send an ajax request to the server asking whether the game started, but I have to do it continiously, so I'm not sure what's better:
1. Have a javascript while loop that keeps sending a request
2. Have a while loop on the server side that waits to respond until the game starts.
Or maybe there is some other better way?
Thanks!
Approach 1 which you specify is called polling and which will generate multiple calls to server so it is not recommended.
Approach 2 is not feasible since you will have time out.
Right way(efficiently) to do this type of thing is via WebSockets or some kind of Push Notification from server. few libraries are
http://socket.io/
https://github.com/SignalR/SignalR/wiki/Faq
If this had helped you don't forgot to mark it as answer :)
Your server knows when the game will start, like 5pm? Tell the browser's JavaScript to start polling at 4:59:40
Polling is simplest option since it will work with plain Django system.
There exists several other techniques to keep connection open and send messages to client (browser), like websockets or server sent events (sse), but those require additional components in infrastructure than just Django.
And you can't keep server waiting, browsers and frontend webservers usually do have time limits to detect dead connections so your connection would be terminated before game starts.