问题
I'm not sure how to go with authentication method
I have a way but don't know if it is secure or not. let me explain what I'm doing with REST API.
I have a multiple users based web app, where users can login with their user name and password and do the stuff.
I need to develop a mobile app for that web app. I'm thinking REST with Slim Framework, However I have no problem with Slim REST development but the authentication part is what I am not sure how to develop.
However I have some idea
Use session cookies :- When user login via mobile app call REST API authentication method, make database query and match username/password. If they does match create two cookie for user name and password and store them in encrypted form
When mobile app send next request check the cookies, decypt the user name and password, again match with the database record if matched call Requested method otherwise deny the access.
Please let me know how I am going? Does it still make my REST API RESTful? Is it okay to store username/password in cookies for above senerio?
来源:https://stackoverflow.com/questions/14973428/authentication-based-rest-api-with-slim