0

I was wondering how to use my php session client-side using backbone.js... and I had in idea:

Create a "session backbone model" as a "clone" of the php $_SESSION, a nested model with all the $_SESSION data needed client-side.

But I'm worried about security: with model.fetch i can keep the session model clean from hacks? What do you think about that?

Improve this question

1 Answer 1

Reset to default
1

Backbone has no idea about any sessions. But like any javascript running on your page, it will be able to access the session cookie from your PHP server just fine (decoding document.cookie or similar).

As for securing the calls back to your server, making sure they only come from your application, that's a bit more challenging. If you're primarily worried about "external" hacking (request from other machines than the ones running your application), you could use a scheme where the session cookie contains the client IP address, and that your PHP server verifies that all requests comes with the proper session cookie (that the request IP address matches the one encoded in the cookie that came with it).

As for documentation on document.cookie, this link should be a good place to start:

How exactly does document.cookie work?

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

wow! Didn't know about the document.cookie, @Marius could you suggest me some links about it?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.