Kovags

Reputation: 540

stateful xml-rpc service / php

I'm creating an XML-RPC client and server that's going to be using a pre-shared key mechanism to maintain the trust between the client and the server; both client and server are web applications written in PHP that communicate through the HTTP protocol. To be more specific, the client is a Moodle plugin and the server is our school resource management system.

If the authentication is successful, the server will generate and return a temporary link that allows the end-user to log into our resource management system from moodle, bypassing our application authentication mechanism so the user doesn't have to input his credentials twice.

The client needs to call two different functions in this process (Auth1 and Auth2); if the authentication is successful, the client will return a special link that allows the Moodle user to log into our school management system through Moodle.

I wanted it to work as follows:

1) Both the Client and Server must know the same passphrase;

2) The Client (Moodle plugin) calls the function Auth1 on the server and passes as parameters a random sequence A of alphanumeric digits and the username for which it's requesting the link;

3) The Server creates a session, generates a random sequence B of alphanumeric digits, sends it to the client and stores the username, random sequence A and random sequence B in the session variable;

4) The Client calls the function Auth2 and passes sha(random sequence A . random sequence B . pre-shared-key) as a parameter;

5) The Server compares the received parameter against its own sha(random sequence A . random sequence B . pre-shared-key). If the received parameter is the same as its sha, it sends a link to the client; if it's not, it sends an empty string.

I can successfully call the function Auth1, but when I call the function Auth2, I notice that the server isn't receiving a session.

This way I can authenticate the client and the server without sending the passphrase in plain text, similarly to what's done with WPA-PSK.

I'm using ripcord on the client side and CodeIgniter's XML-RPC library on the server.

How can I keep a session between XML-RPC calls?

Upvotes: 1

Views: 493

Answers (1)

LoneWolf

Reputation: 505

My first thought is that when you do Auth1 the server sends a session cookie, and since you are storing data in the session the cookie is needed. When you do Auth2 you don't send the session cookie, so the server creates a new session and your data is lost.

I may be wrong because I don't know if the client you are using does that automatically.

Upvotes: 1
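The two-call exchange from the question, written out as an added example (not the asker's code or the ripcord / CodeIgniter libraries). It sidesteps the cookie problem the answer points at: instead of relying on a PHP session being carried between the two XML-RPC calls, Auth1 returns a transaction id together with B, and the client echoes that id in Auth2, so the server can find its own state without a session cookie. The store, the function names, the URL and the key are assumptions; the proof is computed as an HMAC over A and B keyed with the pre-shared key rather than a bare sha(A . B . key), which is the standard form of this construction.

```php
<?php
// Added example of the Auth1/Auth2 challenge-response. XML-RPC transport is
// omitted; both sides are plain PHP functions so the exchange can be read
// end to end. All names, values and the store below are assumptions.

const PRE_SHARED_KEY = 'constructed-demo-psk-change-me'; // constructed sample value
const CHALLENGE_TTL  = 60;                                // seconds a pending Auth1 stays valid

// Server-side store: txId => ['user' => ..., 'a' => ..., 'b' => ..., 'exp' => ...].
// A real deployment keeps this in a table or cache shared by all requests,
// not in a PHP session that depends on a cookie the client may not send back.
$pending = [];

function auth1(array &$pending, string $username, string $nonceA): array
{
    // Server generates its own challenge B and a transaction id the client must echo back.
    $nonceB = bin2hex(random_bytes(16));
    $txId   = bin2hex(random_bytes(16));
    $pending[$txId] = [
        'user' => $username,
        'a'    => $nonceA,
        'b'    => $nonceB,
        'exp'  => time() + CHALLENGE_TTL,
    ];
    return ['tx' => $txId, 'b' => $nonceB];
}

function expectedProof(string $nonceA, string $nonceB, string $psk): string
{
    // HMAC keyed with the PSK over the two nonces: the key never enters a plain
    // hash input, and the separator keeps A and B from being re-split.
    return hash_hmac('sha256', $nonceA . '.' . $nonceB, $psk);
}

function auth2(array &$pending, string $txId, string $proof): string
{
    if (!isset($pending[$txId])) {
        return '';                      // unknown or already-used transaction
    }
    $state = $pending[$txId];
    unset($pending[$txId]);             // single use: a replayed Auth2 fails
    if (time() > $state['exp']) {
        return '';                      // challenge expired
    }
    $expected = expectedProof($state['a'], $state['b'], PRE_SHARED_KEY);
    if (!hash_equals($expected, $proof)) {  // constant-time comparison
        return '';
    }
    // Success: issue a one-time login token for the requested user. The real
    // server would persist $loginToken against the user with a short expiry
    // before handing the link back.
    $loginToken = bin2hex(random_bytes(32));
    return 'https://sms.example.invalid/sso?user=' . rawurlencode($state['user'])
         . '&token=' . $loginToken;
}

// --- Client side of the exchange (what the Moodle plugin would do) ----------
$nonceA = bin2hex(random_bytes(16));
$reply  = auth1($pending, 'jdoe', $nonceA);                     // XML-RPC call 1
$proof  = expectedProof($nonceA, $reply['b'], PRE_SHARED_KEY);  // client knows the same PSK
$link   = auth2($pending, $reply['tx'], $proof);                 // XML-RPC call 2
echo $link !== '' ? "link: $link\n" : "auth failed\n";

// A second Auth2 with the same transaction id is rejected: the state was consumed.
echo auth2($pending, $reply['tx'], $proof) === '' ? "replay rejected\n" : "replay accepted\n";
```

Passing the transaction id explicitly also makes the server side stateless with respect to HTTP sessions, which is usually what you want for a machine-to-machine XML-RPC endpoint; if you do keep the PHP session approach, the client library has to store and resend the session cookie from the Auth1 response on the Auth2 request, which is exactly what the answer suspects is not happening.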
