Cross Domain IFrame and Cookie Issues with IE7

February 12th, 2009, by Aaron

This morning I had to solve a problem that involved an application inside an IFrame not keeping its session state. I’d solved this problem many times before, a long time ago, in a galaxy far far away, but still it stumped me again!

In this example we had two client websites we’ll call site-a.com and site-b.com. Site-a.com had a page that contained an IFrame which sourced its content from site-b.com. The page on site-b.com allowed the user to log in to the application that resides on the site-b.com domain and then click on various links that would take them to other areas in the site-b.com application.

This worked perfectly in Firefox and Safari, but in IE7 it failed and would not let the user log in. After setting up a test environment on my virtual machine and repeating the bug I went looking for a solution.

It turned out that what was required was a declaration by site-b.com that it was okay to do what I was trying to do. It seems that as long as site-b.com declares that it’s safe then the browser assumes this to be the case and it all starts to work.

The way this is done is by adding P3P info to the headers of the response. Essentially what this does is say to the browser that your application is okay with taking information from other domains. Rather than relying on external security measures, you’ve taken the steps yourself to develop a secure application. This sort of setting can also be used for single sign-on situations, where your cookies need to be accessible across domains and applications.

Typically it’s as simple as adding:

header('P3P: CP="CAO PSA OUR"');

to the page. You could also add it on the server level if required, but in this case it all takes place in an extranet module so it’s perfectly suitable to be applied only on one page. There are quite a few options that you can find on the P3P Specification.

So that’s how you get cross domain cookies to work with PHP. It’s much the same in other web frameworks; you just need to work out how to modify the headers in the one you’re using.

We are a Perth web design and web development company and this is our blog. We specialize in building web applications with the Ruby on Rails framework. Jump to the Ruby on Rails category or contact us.


Making a Copy of an Object in PHP

February 5th, 2009, by Aaron

In PHP4 objects were passed by value, which is probably the intuitive way to deal with variables for a beginner and in a language where objects are not first class. In PHP5, however, this has been changed and objects are now passed by reference. This stung me when writing some tests recently.

public function testNameIsUnique() {
	$test1 = $this->BuildValidDiscountType();
	$test2 = $test1;

	$test1->Save();
	$this->assertTrue($test1->id > 0);

	$this->setExpectedException('DiscountTypeException');
	$test2->Save();
}

This code shouldn’t have worked as far as I was concerned; in fact I was expecting an exception to be raised. Instead it was working, and after a little debug tour I found that my $test2 = $test1 line was causing $test2 to be a reference to $test1, which was not what I wanted. This caused my update method to be triggered instead, and of course the name is still unique.

It only required a small change to that line, using the clone keyword:

$test2 = clone $test1;

After that everything went as expected and I knocked off another test, and added to my PHP knowledge.



Always return a response to your Ajax requests

January 12th, 2009, by Tony

Ajax is a fairly broad technology with so many different client side and server side approaches that it’s hard to provide generic best practice rules. This however is one.

Requests via Ajax tend to be handled asynchronously these days, communicating with the server whilst keeping the user interface active and responsive. This approach creates a potential problem, though, as it is possible to make a request and not worry about the results, presuming that what was sent just worked.

Better practice is to always respond from the server and at least have some form of simple logging at the client side so you can be certain communication is working as expected. It is simple for the server to respond with JSON in the form of:

{"success": 1}

This provides several pieces of information. Firstly the server action completed and was not met with an error such as error 500 (server error) or error 404 (page not found). Also if we toggle the “success” value with true or false, depending on the success of the request, we know that the process we requested was successful or failed. In one small line we rule out several potential points of failure.

Note that most major JavaScript libraries provide a simple means of handling success and failure so this is not hard to implement. In the case of Prototype you need only look at the “onError” and “onSuccess” attributes when defining the initial Ajax request.



Handling Permissions for AJAX Requests

December 17th, 2008, by Aaron

Again I have a website where a lot of data transfer is done asynchronously and a large amount of the presentation is done using JavaScript. Different users have different access to features across the site, and I can’t just rely on hiding links given the data is a simple HTTP request away. Protecting this data on the server side has always been easy for me, but I’ve typically found building the persistent abstractions I like to have far more difficult on the client side. As per usual, it’s probably just another issue I haven’t spent enough time to get a grip on.

It’s possible technologies such as Prism and Gears will help with this in the future. Unfortunately, it is the present.

This time I think I have a solution that I’m pretty happy with though. On the server side it involves using the existing HTTP response codes to indicate to the requester what happened with their request. On the client side the ajaxComplete() event is used to handle these codes.

jQuery will automatically call the function you specify as your callback in an AJAX request if the request is successful, so I’m only interested in handling failures. At the moment I’m assuming that all of my calls use JSON for their data format, but the alternative is a case I can handle later if need be. “Only do what is necessary right now” is a great credo, I think.

So here is my event handler. It’s very simple, but the documentation on the arguments to the event is a little slight. The success() call just makes a call to the function specified in the original call, hence passing in an empty array, simulating no records returned. The code I’m handling is for 401: Unauthorized, which in this case is the truth. This code will be sent back when I determine that the user is trying to access some data they aren’t supposed to. HTTP codes handle the majority of cases you’ll run into.

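(function() {
	// Part of the site still uses Prototype, so only register when jQuery is loaded.
	if (typeof jQuery !== 'undefined') {
		// Global handler: fires after every AJAX request that jQuery completes.
		jQuery(document).ajaxComplete(function(ev, req, settings) {
			if (req.status === 401) {
				// Call the original success callback with no records so the
				// loading notifier is cleared, then tell the user.
				if (typeof settings.success === 'function') {
					settings.success([]);
				}
				alert('You have insufficient privileges.');
			}
		});
	}
})();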

The server side code is simple, it’s just a matter of sending back the appropriate header:

	header('HTTP/1.0 401 Insufficient Privileges', false, 401);

This function is specified in a global include. Part of the website uses Prototype, and I’ve been slowly integrating jQuery, so the first thing I do is check whether jQuery has been defined. If it has, I register my function as the handler for the ajaxComplete event. Since it’s declared globally this will happen on every AJAX call. If the response code is 401 then first I pass back an empty array to my success handler so that the little loading notifier disappears, and then I notify the user of the error.

It seems to be a trend lately, but again this is just a very simple idea but I hope it saves someone some hassle. I know I’ve searched high and low on the topic and haven’t found a nice generic solution.
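The two posts above ("Always return a response to your Ajax requests" and "Handling Permissions for AJAX Requests") describe two halves of one contract: the server decides access on every request and always answers with a status code and a success flag, and the client treats a request as done only when both agree. The sketch below is an added example, not code from this blog; the policy table, paths, user object and function names are all constructed for illustration, and it keeps the post's choice of 401 for a refused request.

```javascript
// Added example; every name here (POLICY, handleRequest, classifyResponse) is constructed.
// Constructed sample policy: which roles may fetch which data endpoint.
const POLICY = new Map([
  ["/data/orders", ["staff", "admin"]],
  ["/data/payroll", ["admin"]],
]);

// Server side: decide on every request; a hidden link is not a control.
function handleRequest(user, path) {
  const reply = (status, payload) => ({ status, body: JSON.stringify(payload) });
  const roles = POLICY.get(path);
  if (!roles) return reply(404, { success: 0, error: "not found" });
  if (!user || !roles.includes(user.role)) {
    // Same code the post sends; the body carries no data at all.
    return reply(401, { success: 0, error: "insufficient privileges" });
  }
  return reply(200, { success: 1, rows: ["row for " + user.name] });
}

// Client side: a request only counts as done when status, JSON and flag all agree.
function classifyResponse(status, bodyText) {
  if (status === 401) return { ok: false, reason: "unauthorized", rows: [] };
  if (status < 200 || status >= 300) return { ok: false, reason: "http-" + status, rows: [] };
  let parsed;
  try {
    parsed = JSON.parse(bodyText);
  } catch (e) {
    return { ok: false, reason: "bad-json", rows: [] };
  }
  if (!parsed || parsed.success !== 1) return { ok: false, reason: "app-failure", rows: [] };
  return { ok: true, reason: "ok", rows: parsed.rows || [] };
}

// Constructed walk-through: one staff user, three requests, plus a truncated body.
function demo() {
  const staff = { name: "sam", role: "staff" };
  return ["/data/orders", "/data/payroll", "/data/nope"].map((path) => {
    const res = handleRequest(staff, path);
    return path + " -> " + classifyResponse(res.status, res.body).reason;
  }).concat("truncated -> " + classifyResponse(200, '{"success":').reason);
}

console.log(demo().join("\n"));
```

Every failure path returns an empty `rows` array, which mirrors the post's `settings.success([])` call: the interface can clear its loading state without ever receiving data the user was refused.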



Animating Table Rows with jQuery

December 11th, 2008, by Aaron

Animating table rows in the browser is problematic. You see, they aren’t block elements and as such don’t have a height or width property. Instead they take their constraints from the content inside them, and the elements that contain them. For rows this typically means they’re constrained by the containing table, and filled by the contained columns.

Today I wanted to slide a row up, and then when it had finished sliding I wanted to remove it from the DOM. Essentially giving it a nice effect when something is deleted.

Given that the height of a row is controlled by its content, I figured the easiest way to do this would be to wrap all of the content inside each column with a block element, in this case a div, and then resize those.

jQuery makes this extremely easy:

var el = $(options.element_prefix + id);
el.children("td").each(function() {
    // Wrap each cell's content in a div (a block element) and slide that up;
    // the first callback to fire removes the whole row.
    $(this).wrapInner("<div />").children("div").slideUp(function() { el.remove(); });
});

It’s all pretty easy to understand. Essentially my root element is a row, and so for each td in that row, wrap its content in a div. Then for the child divs in each td, run the slideUp() method. The callback in the slideUp() method says after the animation is done, remove the row. Given the speed of computers these days, no one will notice that the last few columns quite likely just vanish instead of completing their animation.


