I’m working on an Ajax application that will be embedded in a WordPress page. The Ajax app exchanges data with servlets running on Tomcat. Now the servlets need a way to determine if a request comes from a user that is logged in to WordPress. And if the user is logged in, the servlets also must be able to determine the user's ID in order to be able to query the database. If the user is not logged in, the request will be denied.
So in other words, I need to let a servlet perform a request only if the user who caused the request is logged in to WordPress (version 3.3.x). Both the servlet (Tomcat) and WordPress (Apache2) run on the same physical machine and share the same database.
In theory this could easily be solved by doing the following:
- During WordPress logon, some user token gets stored in a JavaScript variable.
- The Ajax app forwards the user token to the servlets on every call.
- The servlets use the token to query WordPress if it is valid (i.e. if the user is logged in) and perform or deny the request.
The question is how can this be implemented on the WordPress side?
Because what makes the theory so complicated is the fact that I have not yet done any PHP programming.
First I was thinking of transmitting the wordpress_logged_in (auth) cookie to the servlet and letting the servlet query WordPress if the auth cookie is still valid. But as it seems, this can’t be done, as wp_validate_auth_cookie() always fails, even if cookie data of a logged-on user is passed.
Another solution could be to develop a plugin that stores the session ID and user ID in a table, which could easily be queried by the servlets.
Or maybe there’s another solution…
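
One way to realize the token flow sketched in the question, as an added example that is not part of the original post: the servlet verifies an HMAC-signed, expiring token locally instead of calling back into WordPress. The class name `LoginToken`, the token layout `userId|expiry|signature` and the shared secret are assumptions; the issuing step is shown in Java only so the example runs stand-alone, and would have to be reproduced on the WordPress side at login.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Assumed token layout: "userId|expiryEpochSeconds|base64url(HMAC-SHA256(userId|expiry))"
public class LoginToken {
    private final byte[] secret; // shared by the issuing side and the servlets

    public LoginToken(byte[] secret) { this.secret = secret.clone(); }

    private String sign(String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        byte[] sig = mac.doFinal(payload.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(sig);
    }

    // Issuing side: in the scheme above this happens once, at login.
    public String issue(long userId, long expiresAt) throws Exception {
        String payload = userId + "|" + expiresAt;
        return payload + "|" + sign(payload);
    }

    // Servlet side: returns the user id, or -1 if the request must be denied.
    public long verify(String token, long now) throws Exception {
        if (token == null) return -1;
        String[] p = token.split("\\|", -1);
        if (p.length != 3) return -1; // malformed token
        byte[] expected = sign(p[0] + "|" + p[1]).getBytes(StandardCharsets.US_ASCII);
        byte[] given = p[2].getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison, so timing does not leak signature bytes.
        if (!MessageDigest.isEqual(expected, given)) return -1;
        try {
            long userId = Long.parseLong(p[0]);
            long expiresAt = Long.parseLong(p[1]);
            return (userId > 0 && now < expiresAt) ? userId : -1;
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo secret; a real one is long, random and kept out of source control.
        LoginToken t = new LoginToken("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis() / 1000;
        String token = t.issue(42, now + 600);
        System.out.println(t.verify(token, now));                          // valid token
        System.out.println(t.verify(token.replaceFirst("42", "43"), now)); // tampered user id
        System.out.println(t.verify(token, now + 601));                    // expired token
    }
}
```

A token of this kind stays valid until its expiry even after the user logs out, so the lifetime should be short.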