Implementing a scalable and high-performing web app
Posted
by Christopher McCann
on Stack Overflow
See other posts from Stack Overflow
or by Christopher McCann
Published on 2010-04-30T22:19:37Z
Indexed on
2010/04/30
22:27 UTC
Read the original article
Hit count: 265
php
|web-services
I have asked a few questions on here before about various things relating to this but this is more of a consolidation question as I would like to check I have got the gist of everything.
I am in the middle of developing a social media web app and although I have a lot of experience coding in Java and in PHP I am trying things a bit different this time. I have modularised each component of the application. So for example one component of the application allows users to private message each other and I have split this off into its own private messaging service. I have also created a user data service the purpose of which is to return data about the user for example their name, address, age etc etc from the database. Their is also another service, the friends service, which will work off the neo4j database to create a social graph. My reason for doing all this is to allow me up to update seperate modules when I need to - so while they mostly all run off MySQL right now I could move one to Cassandra later if I thought it approriate.
The actual code of the web app is really just used for the final construction. The modules behind it dont really follow any strict REST or SOAP protocol. Basically each method on our API is turned into a PHP procedural script. This then may make calls to other back-end code which tends to be OO. The web app makes CURL requests to these pages and POSTs data to them or GETs data from them. These pages then return JSON where data is required.
I'm still a little mixed up about how I actually identify which user is logged in at that moment. Do I just use sessions for that? Like if we called the get-messages.php script which equates to the getMessages() method for that user - returning all the private messages for that user - how would the back-end code know which user it is as posting the users ID to the script would not be secure. Anyone could do that and get all the messages. So I thought I would use sessions for it. Am I correct on this?
Can anyone spot any other problems with what I am doing here?
Thanks
© Stack Overflow or respective owner