Handling server webservice calls

In modern applications, a web application may need to call another web application on behalf of its connected users. There are three ways to do it: the ugly and the smart.

The ugly way is to give the cookie value to webapp 1, which then sends it in the Cookie header of its requests. Since version 2.0, LLNG provides a better way: tokens with limited scope.

Kinematic

Webapp1 handler configuration

Insert a header containing this value:

token( $_session_id, 'webapp2.example.com', 'webapp3.example.com' )

Webapp1 can read this header and send its value in the X-Llng-Token header of its own requests. The token is built from the session ID and the list of authorized virtual hosts. It is valid for only 30 seconds and only on the listed virtual hosts.

Webapp2 handler configuration

Change the handler type to “ServiceToken” so that it can manage both user and server connections. And that's all!
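
Webapp1's side of this exchange, as an added example that is not part of the LLNG documentation or code: a helper that forwards the token in X-Llng-Token only to the hosts it was issued for and only within its 30-second lifetime. The inbound header name (Service-Token), the function and exception names, the HTTPS check and the sample URL are assumptions of this example.

```python
import time
import urllib.request
from urllib.parse import urlsplit

# Assumption: the Webapp1 handler exports the token() value in a header named
# "Service-Token" (the administrator chooses the name); WSGI exposes it as below.
INBOUND_KEY = "HTTP_SERVICE_TOKEN"
TOKEN_LIFETIME = 30  # seconds, as stated on the page
# Keep in sync with the virtual hosts listed in the token() expression.
TOKEN_HOSTS = {"webapp2.example.com", "webapp3.example.com"}


class TokenError(Exception):
    """The token must not be sent with this request."""


def build_backend_request(environ, url, received_at, now=None):
    """Return a urllib Request for `url` carrying X-Llng-Token, or raise.

    received_at / now are time.monotonic() values; received_at is taken when
    the user's request (and so the freshly built token) reached Webapp1.
    """
    now = time.monotonic() if now is None else now
    token = environ.get(INBOUND_KEY)
    if not token:
        raise TokenError("handler supplied no service token")
    if now - received_at >= TOKEN_LIFETIME:
        # The page gives the token a 30-second lifetime; fail before sending.
        raise TokenError("token is older than 30 seconds")
    parts = urlsplit(url)
    if parts.hostname not in TOKEN_HOSTS:
        # Never hand the token to a host it was not scoped for.
        raise TokenError("host %r is not listed in the token" % parts.hostname)
    if parts.scheme != "https":
        # Precaution of this example: the token stands in for the user's session.
        raise TokenError("refusing to send the token over %s" % parts.scheme)
    req = urllib.request.Request(url)
    req.add_header("X-Llng-Token", token)
    return req


if __name__ == "__main__":
    # Constructed sample: a WSGI environ as Webapp1 would see it.
    env = {INBOUND_KEY: "constructed-token-value"}
    r = build_backend_request(env, "https://webapp2.example.com/api/me", time.monotonic())
    print(r.full_url, r.header_items())
```

Checking the host list on the client side keeps the token from reaching a server that would not accept it in the first place.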