
How to handle user sessions in Domain Driven Design

How are user sessions handled in domain driven design (in an MVC framework)?

I've got a User domain object, a UserRepository and a UserService.

I've got this method in my UserService class that logs users in.

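public function login($email, $password, $remember = false)
{
    $user = $this->userRepo->findByEmail($email);

    // Assumes getPassword() returns a hash created with password_hash();
    // password_verify() checks the submitted password against that hash.
    if ($user && password_verify($password, $user->getPassword())) {
        return $user;
    }

    return false;
}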

How do I keep them logged in with sessions?

How would I automatically load the user based on a session user id?

Can somebody give me an example with code of how I could sustain the user in my application in DDD?

From a DDD perspective, managing sessions is a distinct set of behaviors, and therefore deserves a dedicated service. So create such a service.

You can pass that service to your UserService as a dependency, so the UserService can use the session manager for storing authentication information.

Better yet, the concept of authentication might also be seen as a distinct set of behaviors, so create a service for that too. Pass your UserService and session manager to this authentication service as dependencies. (So the session manager is no longer a dependency of UserService.)

But even authentication could be broken down into several distinct parts; it depends on how far you want to go.

I unfortunately can't show you any code, because that would highly depend on what kind of authentication you want to perform (HTTP Basic, Form login, OAuth, etc.), what level of abstraction you want to achieve, and your personal preferences.

But if you want to see what a complex system can look like, have a look at the Security Component of Symfony 2, here in the documentation and here on GitHub.

And if you would consider using this component, you can look at how Silex implements it (GitHub) to get a feel for how you can use it.

Side note

DDD is about much more than writing your code in a certain way. If you want to learn DDD, I suggest you read the Domain-Driven Design: Tackling Complexity in the Heart of Software (the blue book), Implementing Domain-Driven Design (the red book), or you can start off with Domain Driven Design Quickly, which is available for download.

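// Inside UserService::login($email, $password)
if (!isset($_SESSION['user'])) {
    $user = $this->userRepo->findByEmail($email);

    // Assumes getPassword() returns a hash created with password_hash().
    if ($user && password_verify($password, $user->getPassword())) {
        $_SESSION['user'] = $user;
        return $user;
    }

    return false;
} else {
    return $_SESSION['user'];
}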

Maybe something like that. Just make sure that in the logout function you destroy the sessions.
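
The design from the first answer (a session service, plus an authentication service that receives UserService and the session manager as dependencies), with the session destroyed on logout as the second answer asks, as an added example that is not part of either original answer. SessionManager, AuthenticationService, findById() and the sample user are assumptions; User and UserService here are small stand-ins for the question's classes.

```php
<?php
// Stand-ins for the question's User and UserService (PHP 8+); findById() is a hypothetical lookup.
final class User { public function __construct(public int $id, public string $email, public string $hash) {} }
final class UserService
{
    public function __construct(private array $users) {} // [id => User], constructed sample data
    public function findById(int $id): ?User { return $this->users[$id] ?? null; }
    public function login(string $email, string $password): ?User
    {
        foreach ($this->users as $u) {
            if ($u->email === $email && password_verify($password, $u->hash)) return $u;
        }
        return null;
    }
}

// Dedicated session service: the only class that touches $_SESSION.
final class SessionManager
{
    public function __construct() { if (session_status() !== PHP_SESSION_ACTIVE) session_start(); }
    public function get(string $key): mixed { return $_SESSION[$key] ?? null; }
    public function set(string $key, mixed $value): void { $_SESSION[$key] = $value; }
    public function regenerate(): void { session_regenerate_id(true); }
    public function destroy(): void { $_SESSION = []; session_destroy(); }
}

// Authentication service: receives UserService and SessionManager as dependencies.
final class AuthenticationService
{
    public function __construct(private UserService $users, private SessionManager $session) {}
    public function login(string $email, string $password): ?User
    {
        $user = $this->users->login($email, $password);
        if ($user !== null) {
            $this->session->regenerate();              // fresh session id after login (session fixation)
            $this->session->set('user_id', $user->id); // keep only the id in the session, not the object
        }
        return $user;
    }
    public function currentUser(): ?User               // reload the user from the stored id per request
    {
        $id = $this->session->get('user_id');
        return is_int($id) ? $this->users->findById($id) : null;
    }
    public function logout(): void { $this->session->destroy(); }
}

$users = new UserService([1 => new User(1, 'a@example.test', password_hash('s3cret', PASSWORD_DEFAULT))]); // constructed user
$auth = new AuthenticationService($users, new SessionManager());
var_dump($auth->login('a@example.test', 's3cret')?->id === $auth->currentUser()?->id);
```

Storing only the user id keeps the session small and means a deleted or changed account is picked up on the next request, because `currentUser()` goes back through UserService each time.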
