Maintaining session from framework to DataTables

prema770 Posts: 6 Questions: 3 Answers: 0

I'm using DataTables incorporated inside OctoberCMS - a Laravel-based flat-file CMS.
So as to make best use of the generator, I'd like to keep DataTables-related files in a separate folder off the webroot.

I need to pass a user ID to the DataTables PHP backend - backend for security reasons - then send a backend-filtered dataset to the DataTables front end.

Has anyone got any ideas on best practices?

Always greatly appreciate any help

Answers

  • colin Posts: 2,774 Questions: 0 Answers: 485

    Hi @prema770 ,

    I think the best way would be to send the ID in the ajax.data, and then to extract/modify the returned JSON with ajax.dataSrc.

    Hope that does the trick,

    Cheers,

    Colin

  • prema770 Posts: 6 Questions: 3 Answers: 0

    Hi @Colin!
    Thanks very much for your time and effort in reply.
    Are you able to comment on the security of this - the system will handle confidential information, and it seems like the information would be best passed through a session and used to filter the data in the SQL so as not to allow any chance of a front end query creating an unwanted disclosure.

    Any further comment welcome and appreciated. I'm quite new to DataTables - really like it.

    Mike

  • allan Posts: 48,301 Questions: 1 Answers: 6,970 Site admin

    You'd probably need to refer to the OctoberCMS docs for this aspect. What I expect will be available is a method to check if a user is logged in or not. If they aren't, then you could just terminate the connection with a 401 - while if they are allowed access, then just process the request as normal.

    In terms of the data being fetched, you'd need to make sure that you apply a suitable where condition - I suspect that will be to match the user id to the login. But really that will depend upon the schema you are using.

    Allan
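
The approach discussed in this thread (reject unauthenticated requests with a 401, and take the user ID for the where condition from the server-side session instead of from anything the browser sends), as an added example that is not code from the thread or from DataTables. The `orders` table, the `user_id` session key and the function name are assumptions, plain PHP sessions stand in for whatever login check OctoberCMS provides, and the sample rows are constructed (requires the pdo_sqlite extension).

```php
<?php
// Added example: table, column and session-key names are hypothetical.

function rowsForSession(PDO $db, array $session, array $request): array
{
    // No logged-in user in the session: answer 401 and return no data.
    if (empty($session['user_id'])) {
        return [401, ['error' => 'Not authenticated']];
    }

    // The owner ID comes only from the server-side session.
    // $request['user_id'] is client-controlled and is deliberately never read.
    $userId = (int) $session['user_id'];

    // Bound parameter: the filter is applied in SQL, before any row leaves the server.
    $stmt = $db->prepare(
        'SELECT id, item FROM orders WHERE user_id = :uid ORDER BY id'
    );
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->execute();

    // DataTables reads its rows from the "data" property by default.
    return [200, ['data' => $stmt->fetchAll(PDO::FETCH_ASSOC)]];
}

// Constructed sample data held in memory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, item TEXT)');
$db->exec("INSERT INTO orders (user_id, item)
           VALUES (1, 'alpha'), (2, 'bravo'), (1, 'charlie')");

// Case 1: user 1 is logged in, but the request carries a tampered user_id=2.
[$status, $body] = rowsForSession($db, ['user_id' => 1], ['user_id' => 2]);
echo $status, ' ', json_encode($body), PHP_EOL;

// Case 2: no session at all, same request parameters.
[$status, $body] = rowsForSession($db, [], ['user_id' => 2]);
echo $status, ' ', json_encode($body), PHP_EOL;
```

In a real endpoint the function would be called with `$_SESSION` and the request parameters, and the returned status passed to `http_response_code()` before the JSON is echoed.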
