We have a website: (for example) site.com. We have site.com/auth.php in which we get Login /Pass using the GET /POST method.
site.com will turn to its API by JS /Angular 2, i.e. The same authorization will occur through the appeal of http angular`a on the URL site.com/auth.php. I also want to make an Android app for site.com. Android application refers to the url site.com/auth.php and passes authorization.
Question: How to implement it right and safely? I do not understand this, at the moment found the following information. On the server generate a SESSID, which then transmit together with each request. Those. The server no longer transmits in the sessid headlines. And only on the API request in response in JSON for example. On the Angular website will record SESSID in cookies, android stored at home. How and where to store these sessid on the server? Something read about Redis, but did not quite understand whether he enters PHP or it is necessary to put it separately, if separately, then Redis can not be on each virtual hosting?
p.s. There are many questions, because I understand a little how to solve the problem. As you understand, there will be less questions. I am waiting for both answers and criticism, edits and references to useful resources. Thank you for attention!
- AMOCRM PHP API Why is an empty query body go?
- How to display an answer from the API in PHP?
- Help the advice how to connect PHP SDK QIWI
- php : Laravel | How to make sending email letters when resetting a password or registration?
- How to get comments with YouTube on PHP
- php : WP REST API WP Rest Response returns dual quotes (one character) instead of NULL when calling a class method
- php : How to install guzzle headers
- php : Is the client possible to download the file directly from the server to bypassing the intermediary server?
- php : Where is the error when processing API?