alcalyn / ratchet-session-pdo

Test in using RatchetPHP PdoSessionHandler

Can not load the site when socket server opened the session ! #2

Open fnaysee opened 6 years ago

fnaysee commented 6 years ago

Although the PdoSessionProvider uses a database to store the sessions, when I connect to the socket server, the session is no longer accessible in the website. Could you please explain how using OAuth2 is different? And why does using a database for storing sessions have the same functionality as the normal in-file sessions? What I understand is that the socket server is not closing the connection to MySQL, is that right? :/ Thanks.

alcalyn commented 6 years ago

> when i connect to socket server, session is no longer accessible in website

I don't know why, I never used PdoSessionProvider, but I can test it. It looks like this is either a database lock (when a process reads a resource and another writes the same resource), or maybe when PdoSessionHandler reads a session, it also deletes it and writes another one.

> could you please explain how using OAuth2 is different?

In Sandstone, I'm using OAuth2 to authenticate the client with a token instead of using PHP sessions. PHP sessions are well designed for a simple website, but become tricky when using them to authenticate, e.g., a websocket connection.

OAuth2 looks like this: I create an access token through the REST API; at this time the server stores the access token (in either a database or in files), which contains the username of the authenticated guy. Then to authenticate future requests (REST API requests with the token in headers, or websocket connections with the token in the URL), OAuth2 checks the token, then logs in the user with Symfony.

I'm using phpleague/oauth2-server for OAuth2. I find it easy to tweak it as I could couple it with Symfony security to log the user from an access token, and you can implement your own way to store access tokens.

> why using database for storing sessions has same functionality as the normal in file sessions ?

I don't understand the question, but if you have only a website, storing sessions in either database or files is the same. But for websockets we can't use the "normal" way for PHP sessions storing because we must retrieve sessions in a custom way: we must retrieve session data onOpen, and not when calling session_start().

> socket server is not closing the connection to the mysql

I just looked for PDO connection closing, and I surprisingly found that "The connection remains active for the lifetime of that PDO object. To close the connection, you need to destroy the object by ensuring that all remaining references to it are deleted". So you have to make sure that your webserver does not hold the connection to the database, and just use it punctually when needed :)

fnaysee commented 6 years ago

A more confusing thing about SessionProvider is that there is no method to close the session manually in the websocket server!

Also I tried closing Pdo manually, but doing so throws an error in the websocket server console and disconnects the user!

Then I'm confused: if Ratchet is even unable to handle the sessions for us, why do we use it at all! We can switch to another library like textalk, which is much easier to use.

OK, now can you please help me integrate Sandstone in my project? Can we continue in Telegram?

fnaysee commented 6 years ago

Sounds like Sandstone needs the zmq library. Also Ratchet can handle our requests like HTTP requests!

alcalyn commented 6 years ago

Which error did you get when trying to close Pdo in the websocket server? It should be something easy to fix.

From your point, it's maybe easier to use another thing than Pdo by carefully implementing a simple session token manually, or use OAuth.

Sandstone does use ZMQ to allow sending push messages from the REST API to the websocket server. For example, someone does a POST /articles, then you want to send a real-time notification that a new article has been posted. You can either:

I can help you with Sandstone; it's better if your project is on GitHub. You can start from https://eole-io.github.io/sandstone/ and https://github.com/eole-io/sandstone-edition

fnaysee commented 6 years ago

Hi, I don't remember that error. I don't have a private GitHub account but I can share my project with you on GitLab. Composer throws this error while installing Sandstone:

  Problem 1
    - eole/sandstone 1.3.1 requires cboden/ratchet 0.3.* -> satisfiable by cboden/ratchet[v0.3.0, v0.3.1, v0.3.2, v0.3.3, v0.3.4, v0.3.5, v0.3.6] but these conflict with your requirements or minimum-stability.
    - eole/sandstone 1.3.0 requires cboden/ratchet 0.3.* -> satisfiable by cboden/ratchet[v0.3.0, v0.3.1, v0.3.2, v0.3.3, v0.3.4, v0.3.5, v0.3.6] but these conflict with your requirements or minimum-stability.
    - Installation request for eole/sandstone ^1.3 -> satisfiable by eole/sandstone[1.3.0, 1.3.1].

Sounds like Sandstone still uses an older version of Ratchet.

alcalyn commented 6 years ago

I don't have this error; what is in your composer.json? Sandstone still uses Ratchet 0.3, but is actually upgrading, work in progress.

alcalyn commented 6 years ago

The fact is that upgrading to 0.4 will bump Sandstone to version 2.0.0, as it's not retro-compatible because we'll need to use $conn->httpRequest instead of $conn->WebSocket.

So I started this work on v2 with in mind using TLS for both the websocket server and the website side. But it's harder than I thought.

Then I think I'll release v2 with only the Ratchet upgrade.

fnaysee commented 6 years ago

For now it sounds like there is no full-featured library for authentication. I think it is better that I do it manually, like what you said: I send the session id to the client and the client sends it back to the ws server. But I think it is better that I encrypt it, right? Do you know how I can get the user IP from the PdoSessionHandler session? :/ Or must I set it manually?

alcalyn commented 6 years ago

> Do you know how i can get user ip from PdoSessionHandler Session

Not sure what you want to do, but PdoSessionHandler works just like PHP sessions, except that it persists them in a database instead of files. You can't get the user IP unless you store it manually.

You should definitely use OAuth2 or a simple token system, so yes, set a token manually; you can easily identify the user from a token. And yes, TLS is recommended.
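
Added example, not part of the thread or of any project discussed in it: a minimal version of the "simple token system" recommended above, where the REST login issues a random short-lived token and the websocket server checks it when the connection opens. The class name `WsTokenStore`, the `ws_token` table and the `access_token` query parameter are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical token store (illustration only, not Ratchet or Sandstone code).
final class WsTokenStore
{
    public function __construct(private PDO $pdo, private int $ttl = 300)
    {
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE IF NOT EXISTS ws_token (
            token_hash TEXT PRIMARY KEY, username TEXT NOT NULL, expires_at INTEGER NOT NULL)');
    }

    /** Called by the REST login endpoint once the user's credentials were verified. */
    public function issue(string $username, ?int $now = null): string
    {
        // 256-bit random value, unrelated to the PHP session id.
        $token = bin2hex(random_bytes(32));
        $stmt = $this->pdo->prepare('INSERT INTO ws_token VALUES (?, ?, ?)');
        // Only the hash is stored, so a leaked table does not yield usable tokens.
        $stmt->execute([hash('sha256', $token), $username, ($now ?? time()) + $this->ttl]);
        return $token;
    }

    /** Called when the websocket opens, with the handshake URL's query string. */
    public function authenticate(string $query, ?int $now = null): ?string
    {
        parse_str($query, $params);
        $token = $params['access_token'] ?? null;
        if (!is_string($token) || !preg_match('/^[0-9a-f]{64}$/', $token)) {
            return null; // missing, array-valued or malformed parameter
        }
        $stmt = $this->pdo->prepare('SELECT username, expires_at FROM ws_token WHERE token_hash = ?');
        $stmt->execute([hash('sha256', $token)]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false || (int) $row['expires_at'] <= ($now ?? time())) {
            return null; // unknown or expired token
        }
        return $row['username'];
    }
}

// Constructed demo on an in-memory SQLite database with fixed clock values.
$store = new WsTokenStore(new PDO('sqlite::memory:'));
$token = $store->issue('alice', 1000);
var_dump($store->authenticate('access_token=' . $token, 1100)); // inside the lifetime
var_dump($store->authenticate('access_token=' . $token, 1400)); // after expiry
var_dump($store->authenticate('access_token[]=x', 1100));       // not a string
```

With Ratchet 0.4 the query string is available in `onOpen` as `$conn->httpRequest->getUri()->getQuery()`; close the connection when `authenticate()` returns null. Because the token travels in the URL it can end up in access logs, hence the short lifetime and the TLS recommendation.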

fnaysee commented 6 years ago

OK, I removed Ratchet and installed Sandstone; please notify me when you have updated Sandstone. Now where must I start using Sandstone? :/ As all the documentation is written for Symfony, I cannot understand how to start using it.

Do I need anything other than Sandstone to start working? Can I use CodeIgniter's db class to interact with the db, or does Sandstone handle the access by itself?

fnaysee commented 6 years ago

There is an error for the guzzle package; I think you must update it too in the Sandstone package: Package guzzle/common is abandoned, you should avoid using it. Use guzzle/guzzle instead.

fnaysee commented 6 years ago

Based on this link: https://eole-io.github.io/sandstone/big-picture.html I can see how Sandstone works! But one question: I don't want to use 0mq; instead I want to push everything to the websocket server, so I notify the user in case we have any changes from the same server. Now can Sandstone handle REST API requests on the ws server side? :@ Or must I route these things myself?

alcalyn commented 6 years ago

> please notify me when you updated the sandstone

You can be notified of Sandstone updates by watching the repository; then you'll be notified of releases and changelog. You can also follow Sandstone on Twitter, where I post any news about Sandstone.

> all documentations are written for symfony i can not understand how to start using it.

I'm only using some Symfony components (i.e event dispatcher for dispatch/listen events, routing for websocket topic routes, httpfoundation as Http request and response api...). They work all independently, and you are not required to know Symfony as you maybe won't use them directly.

I'm still using Silex for the RestApi, a microframework to declare routes.

I don't know how much you're using CodeIgniter, but using Sandstone with CodeIgniter can be redundant, as Sandstone natively provides a way to declare website routes, handle requests...

> Package guzzle/common is abandoned

This error comes from a dependency; I don't use it, so I can ignore it.

alcalyn commented 6 years ago

> Can i use codeigniters db class to interact with the db or sandstone handles the access by itself.

No native support for any database, so you may use any database connection like Pdo, Doctrine Dbal...

alcalyn commented 6 years ago

> can sand stone handles restapi requests in ws server side

No.

> i notify user in case we have any changes from same server

I guess you mean any changes made through the RestApi, like POST /something. So you have to use a tool that can send a message from a thread to another one. ZeroMQ is implemented in Sandstone, you just have to install it, or use a docker container (something like that). Note that I could install Sandstone with only apt-get install php-zmq on a recent install of Ubuntu.

fnaysee commented 6 years ago

> I guess you mean any changes made through the RestApi, like POST /something. So you have to use a tool that can send a message from a thread to another one.

No, I mean I submit all data via JS to the websocket instead of posting, except things like login and loading the main panel.

I'm forced to use CodeIgniter in this project since this is a match ! And I'm looking to find the best possible way to write it.

According to what you said I will remove Sandstone, but I don't know how to use a REST API on the websocket side! LOL

Thank you for your helps.

alcalyn commented 6 years ago

"submit all data via js to websocket instead of posting", so Ratchet is exactly what it does. You just need an authentication workflow if I understand well, so that's why the best way to achieve it is a token system like OAuth2.

I'm not sure what you mean by "use Rest api in websocket side". Simulating HTTP requests and responses is a bad pattern as you'll lose all the HTTP part, like verbs, caching... See Is ReST over websockets possible?. Good luck btw, I got some headaches understanding websockets :)

fnaysee commented 6 years ago

> "submit all data via js to websocket instead of posting", so Ratchet is exactly what it does. You just need an authentication workflow if I understand well, so that's why the best way to achieve it is a token system like OAuth2.

Good mention; do you know any simple and well-documented library for just OAuth2?

> I'm not sure what you mean by "use Rest api in websocket side". Simulating HTTP requests and responses is a bad pattern as you'll lose all the HTTP part, like verbs, caching... See Is ReST over websockets possible?.

For me the chosen approach could not be using 0mq! Because I cannot tell them to install too many new things just to be able to run my script. So maybe I mix the requests between ajax and ws. For now I have a better understanding of what I want to do! But I still don't know how to make things more standard. What is your opinion about swagger: https://github.com/swagger-api/swagger-socket and its PHP library: https://github.com/GuilhemN/swagger Is it what I'm looking for? :/ Or have I misunderstood a new thing!

> Good luck btw, I got some headaches understanding websockets :)

Yes, too much for me!

alcalyn commented 6 years ago

For OAuth2, this article helped me a lot: http://www.bubblecode.net/en/2016/01/22/understanding-oauth2/

Then for PHP, I used league/oauth2-server, which has good documentation: https://github.com/thephpleague/oauth2-server

I don't know swagger REST over websocket. It's something to experiment with.

fnaysee commented 6 years ago

> For OAuth2, this article helped me a lot: http://www.bubblecode.net/en/2016/01/22/understanding-oauth2/

I was looking for such an article! Thanks. So I'm a bit confused: in my scenario must I use Client Credentials Grant or Implicit Grant? I feel Implicit Grant, right? Does it have the same name in the oauth2.thephpleague.com project?

alcalyn commented 6 years ago

I would say Resource Owner Password Credentials Grant, it depends on your application.

fnaysee commented 6 years ago

OK, I decided to use Resource Owner Password Credentials Grant. But now I don't know how to start writing! Do we use classes from that library or must we implement the interfaces? :/ If yes, how?? Is there any built-in functionality in this library to do everything by itself for us? Or any starter tutorial?