I asked a few questions here before talking about various things related to this, but it is more a matter of consolidation, as I would like to check that I have the essence of everything.
I am in the middle of developing a web application for social networks, and although I have a lot of programming experience in Java and in PHP, this time I am trying something a little different. I modularized every component of the application. For example, one application component allows users to send private messages to each other, and I split it into my own messaging service. I also created a user data service whose purpose is to return data about the user, such as their name, address, age, etc., from the database. There is another service, a friends service, which will work with the neo4j database to create a social schedule. My reason for doing all this is to let me update individual modules when I need to - so while in most cases they are escaping from MySQL, now I can move it to Cassandra later if I think it is appropriate.
Actual web application code is really only used for final construction. The modules behind it do not comply with strict REST or SOAP protocols. Basically, every method of our API turns into a procedural PHP script. Thus, this can cause calls for other internal code, which tends to be OO. The web application makes cURL requests to these pages and POSTs data to them or GETs data from them. Then these pages return JSON where data is needed.
I'm still a little confused about how I really determine which user is currently logged in. Am I just using sessions for this? For example, if we call the get-messages.php script, which is equivalent to the getMessages() method for this user - it returns all private messages for this user - as if the internal code knew which user it was sending to users, the ID in the script would not be safe. Anyone can do this and receive all messages. Therefore, I decided to use sessions for this. I will fix this?
Can anyone identify any other issues with what I'm doing here?
Thanks.
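One way to address the concern raised in the question, shown as an added example that is not the poster's code: the web application takes the user ID from its own server-side session and signs each internal call with an HMAC, so a script such as get-messages.php only accepts a user ID that the web application vouched for. This goes beyond sessions alone; the shared secret, the field names and both function names are assumptions made for illustration.

```php
<?php
// Added example. The secret, field names and function names are hypothetical.
const INTERNAL_SECRET  = 'replace-with-a-long-random-value'; // constructed placeholder
const MAX_SKEW_SECONDS = 30; // reject stale (possibly replayed) requests

// Web application side: the user ID comes from the server-side session,
// never from a parameter the browser supplied.
function sign_internal_request(int $userId, string $method, int $now): array
{
    $payload = $userId . '|' . $method . '|' . $now;
    return [
        'user_id'   => $userId,
        'method'    => $method,
        'timestamp' => $now,
        'signature' => hash_hmac('sha256', $payload, INTERNAL_SECRET),
    ];
}

// Internal service side (e.g. get-messages.php): returns the verified user ID,
// or null when the request was not signed by the web application or is stale.
function verify_internal_request(array $req, string $expectedMethod, int $now): ?int
{
    foreach (['user_id', 'method', 'timestamp', 'signature'] as $key) {
        if (!isset($req[$key]) || !is_scalar($req[$key])) {
            return null;
        }
    }
    if ($req['method'] !== $expectedMethod) {
        return null; // a signature for one API method is not valid for another
    }
    if (abs($now - (int) $req['timestamp']) > MAX_SKEW_SECONDS) {
        return null;
    }
    $payload  = (int) $req['user_id'] . '|' . $req['method'] . '|' . (int) $req['timestamp'];
    $expected = hash_hmac('sha256', $payload, INTERNAL_SECRET);
    // hash_equals compares in constant time
    return hash_equals($expected, (string) $req['signature']) ? (int) $req['user_id'] : null;
}

// Constructed demonstration: $session stands in for $_SESSION after login.
$session = ['user_id' => 42];
$now     = time();
$request = sign_internal_request($session['user_id'], 'getMessages', $now);
var_dump(verify_internal_request($request, 'getMessages', $now));

// The same request with user_id changed after signing.
$tampered = ['user_id' => 7] + $request;
var_dump(verify_internal_request($tampered, 'getMessages', $now));
```

In the setup described in the question, the signed fields would travel as POST fields or headers on the cURL call, and the internal scripts should also be unreachable from outside the web application's network.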