I am developing a simple web service using Nusoap and having problem when adding authentication.
Currently I am using setCredentials() method to attach username and password to request and getting them using $_SERVER['PHP_AUTH_USER'] in server side.
It works fine, but I don't want to authenticate the user for every call. So I need to maintain a session and according to my research, after the first authentication, the server needs to send something like 'session id' attached to the response header and the client should use this 'session id' in subsequent calls.
But I don't know how to set and get headers in both request and response. Could anyone help?
I'm really new to soap and session, so if there is anything wrong with my thoughts, please point it out. Thank you so much.
Finally, I figured out it myself. I used a very simple implementation and it is definitely insecure, but it may help some beginners like me.
First, by observing the Nusoap code I find it is very easy to set and get soap headers both in client and server.
client:
server:
Second, after first authentication using username/password, I saved the username in the session and sent session id to the client. Then the client sends this session id at next call instead of username/password.
server:
client:
Again, above is very simple example and I am also a beginner. So if you have good suggestions, please let me know