JSON API designed to use JavaScript - process session data server or browser?

I am creating an API that will use JSON. The main use of this API will be AJAX in the browser, but it can also be used by PHP scripts on the server side, etc.

There are two ways to do this (I think):

  • Create an API so that it uses HTTP headers to set a session cookie and retrieves all data to save state with COOKIE['session_id'] (pseudo-code)
  • Create an API so that it returns session_id and allows the user JavaScript to set its own cookie for session_id

I am a bit lost. Which method will be more secure (CSRF, etc.), which is easier for developers to understand, and which makes it easier to make changes on the server side without telling users that they need to update their code?

Also, do you recommend using the JSON-RPC specification, and if so, does one of these methods better support JSON-RPC?

Any help is greatly appreciated.

+3
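The two options from the question, sketched server-side as an added example (not code from the original post or its answers). All function names are hypothetical, and the `HttpOnly`, `Secure` and `SameSite` cookie attributes are assumptions the question does not mention.

```javascript
// Added illustration; all names here are hypothetical, not from the post.
const SESSIONS = new Map(); // session_id -> server-side state (in-memory sketch)

// Option 1: the API sets the cookie itself in an HTTP response header.
// sessionId must come from a CSPRNG in real code; it is passed in here.
function loginWithCookieHeader(sessionId) {
  SESSIONS.set(sessionId, { user: 'demo' });
  return {
    headers: {
      'Set-Cookie': `session_id=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`,
    },
    body: JSON.stringify({ ok: true }),
  };
}

// Option 2: the API returns session_id in the JSON body and the caller's
// script stores it, e.g. document.cookie = 'session_id=' + id in a browser.
function loginWithBodyToken(sessionId) {
  SESSIONS.set(sessionId, { user: 'demo' });
  return { headers: {}, body: JSON.stringify({ ok: true, session_id: sessionId }) };
}

// A cookie written by script can never carry HttpOnly, so any script running
// in the page (including injected script) can read the session id.
function readableByPageScript(response) {
  const setCookie = response.headers['Set-Cookie'];
  if (setCookie === undefined) return true;    // option 2: id is in the body
  return !/;\s*HttpOnly\b/i.test(setCookie);   // option 1: depends on the flag
}

// If the option 2 client stores the id as a cookie, the server-side lookup is
// the same for both options: parse the Cookie request header, look the id up.
function sessionFromCookieHeader(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === 'session_id') {
      return SESSIONS.get(part.slice(eq + 1).trim()) || null;
    }
  }
  return null;
}
```

In both options the browser attaches the cookie to requests automatically, so CSRF exposure is the same unless `SameSite` or a separate token check is added.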
2 answers

I ran into the same problem (how to make sessions for the JSON-RPC based web services infrastructure). As a result, I used the URL parameter for the session. My reasoning:

  • cookie , cookie . cookie .
  • HTTP , JSON-RPC -- (, Windows).
  • - , .

URL- - , , URL- , , . - , , - .

+4

, cookie. AJAX, cookie, -.

API . cookie HTTP, cURL.

: API, ?

0

Source: https://habr.com/ru/post/1751786/

