The Slim Framework support forum has moved to http://discourse.slimframework.com. This Tender forum is no longer maintained or monitored.

Best Way to Setup / Use with Mobile App

Jason Froderman's Avatar

Jason Froderman

25 Apr, 2012 06:45 AM

I'm using Slim to provide an API to a mobile application. I have a few questions about best practices for security.

Current Setup #1: SSL is forced via mobile app request and .htaccess
#2: Secure/httponly on Slim cookie settings are both set to true

Planned Work #1: If login is handled via post over SSL, an authentication token is returned and used to identify the user
#2: The authentication token is stored in the encrypted cookie for comparing to what the user sends back with each subsequent request

Questions #1: Any concerns?
#2: If everything is served over https -- it would be redundant to encrypt data before passing it along between the app and Slim, right?

The token route allows the iPhone app to not have to store the username and password but I want to make sure I'm not missing anything else. Thanks for the input.

  1. Andrew Smith closed this discussion on 02 Aug, 2012 10:58 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac