Maintaining session from framework to DataTables
I'm using datatables incorporated inside OctoberCMS - a Laravel based flatfile cms.
So as to make best use of the generator, I'd like to keep datatables related files in a separate folder off the webroot.
I need to pass a user ID to the datatables php backend - backend for security reasons then send a backend filtered dataset to the datatables front end.
Has anyone got any ideas on best practices?
Always greatly appreciate any help
Answers
Hi @prema770 ,
I think the best way would be to send the ID in the `ajax.data`, and then to extract/modify the returned JSON with `ajax.dataSrc`.
Hope that does the trick,
Cheers,
Colin
Hi @Colin!
Thanks very much for your time and effort in reply
Are you able to comment on the security of this - the system will handle confidential information and it seems like the information would be best passed through a session and used to filter the data in the SQL so as not to allow any chance of a front end query creating an unwanted disclosure
Any further comment welcome and appreciated. I'm quite new to datatables - really like it
Mike
You'd probably need to refer to the OctoberCMS docs for this aspect. What I expect will be available is a method to check if a user is logged in or not. If they aren't, then you could just terminate the connection with a 401 - while if they are allowed access, then just process the request as normal.
In terms of the data being fetched, you'd need to make sure that you apply a suitable where condition - I suspect that will be to match the user id to the login. But really that will depend upon the schema you are using.
Allan
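Added example, not part of the original thread and not DataTables or OctoberCMS code: a minimal PHP endpoint that returns a 401 when no user is logged in and otherwise filters rows by the user id held server-side, so the browser never supplies the id. The session key `user_id`, the `documents` table and its `owner_id` column are hypothetical, and the PDO SQLite driver is assumed to be available; how the session array is obtained depends on the framework.

```php
<?php
declare(strict_types=1);

// Assumed names (not from the thread): session key 'user_id',
// table 'documents', column 'owner_id'.

/** Return only the rows owned by $userId, under DataTables' default "data" key. */
function rowsForUser(PDO $db, int $userId): array
{
    // The id is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare(
        'SELECT id, title FROM documents WHERE owner_id = :uid ORDER BY id'
    );
    $stmt->execute([':uid' => $userId]);
    return ['data' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

/** Handle one Ajax request: 401 without a login, otherwise the filtered JSON. */
function handleRequest(PDO $db, array $session): array
{
    // The user id is read from server-side session state only; anything the
    // client sends (e.g. via ajax.data) is ignored for authorization.
    if (!isset($session['user_id']) || !is_int($session['user_id'])) {
        return [401, json_encode(['error' => 'Not authenticated'])];
    }
    return [200, json_encode(rowsForUser($db, $session['user_id']))];
}

// Constructed sample data in an in-memory SQLite database (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE documents (id INTEGER PRIMARY KEY, owner_id INTEGER, title TEXT)');
$db->exec("INSERT INTO documents (owner_id, title) VALUES
    (1, 'Alice report'), (2, 'Bob report'), (1, 'Alice notes')");

// Constructed sessions: no login, user 1, user 2.
foreach ([[], ['user_id' => 1], ['user_id' => 2]] as $session) {
    [$status, $body] = handleRequest($db, $session);
    // When served over HTTP, send the status and content type before the body:
    // http_response_code($status); header('Content-Type: application/json');
    echo $status, ' ', $body, PHP_EOL;
}
```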
Thanks for your comment again Allan - Missed the notification!
With your help again we're on the right track