I’m making a PHP app to allow our customers to retrieve information from our database, using pre-defined functions. Perhaps PHP isn’t the best choice for this, but the same page is also used as a backend for a flash app, and we don’t have the time to rewrite it in another language (still, if we did have that time, I’m open to suggestions).

They will access the page via a URL, something like:

http://myurl.com/test.php?function=getUser&username=John

This will call the function getUser($username) and pass the value John as the $username parameter. Here’s the twist: this page will be called from an application that the customer creates, not from a browser.

They are allowed to get info about some users, but not others. To enforce this, I require them to provide login information. I’m not sure how I can keep that user logged in so that they don’t have to pass their login information every time they call a function, which can be multiple times per second.

I don’t think I can use sessions or cookies, since they are not calling the page from a browser. So how can I keep that user logged in?